Chapter 4 A Chaos based Secure Image Encryption

)8

! " !" # $ % & ' %&' !" ( )

( !" * + +

,* + -!.

(

- / . ,0/ / +) . /)' + ! ) 1 1 2344 - 23456 - !) 1 2347 $'8 9 " 8 $+/+) 2343

!!"#$

!

!"#$ % "

! & ' & ( )*! &

" "*)+,-!

./ 0&$1%0 23,)4 5"! 5 3,)4 % "

! & ' & ( " "3,)4

Design and Analysis of Cryptographic Techniques for Image Encryption

Dr. Bhaskar Mondal

Contents

Contents

i

Preface

1

1 Introduction

3

1.1

A Short History . . . . . . . . . . . . . . . . . . . . . .

4

1.2

Cryptography . . . . . . . . . . . . . . . . . . . . . . .

6

1.3

Cryptography Objectives . . . . . . . . . . . . . . . . .

9

1.4

Types of Cryptography Techniques . . . . . . . . . . .

10

1.5

Methods of Tests for Quality of Encryption Algorithms

18

1.5.1

Statistical Frequency Attack and Histogram analysis . . . . . . . . . . . . . . . . . . . . . . . . .

18

1.5.2

Known-Plaintext and Chosen Ciphertext Attack: 18

1.5.3

Information Entropy Analysis . . . . . . . . . .

1.5.4

Perceptual Security: Peak Signal-to-Noise Ratio (PSNR) . . . . . . . . . . . . . . . . . . . . . . i

19

19

CONTENTS

CONTENTS

1.5.5

Known plain text attack and correlation coefficient 20

1.5.6

Maximum Deviation . . . . . . . . . . . . . . .

21

1.5.7

Irregular Deviation . . . . . . . . . . . . . . . .

21

1.5.8

Brute-force Attack, Exhaustive Key Search and

1.5.9

Key Space Analysis . . . . . . . . . . . . . . . .

22

Key Sensitivity Analysis . . . . . . . . . . . . .

22

1.5.10 Chosen Plaintext Attack and Differential Crypt-

1.6

1.7

analysis . . . . . . . . . . . . . . . . . . . . . .

23

1.5.11 Diffusion Characteristics and Avalanche Effect .

24

Chaos Theory . . . . . . . . . . . . . . . . . . . . . . .

24

1.6.1

Performance Evaluation of Chaotic Maps . . . .

26

1.6.2

Logistic Map . . . . . . . . . . . . . . . . . . .

26

1.6.3

2D Standard Map . . . . . . . . . . . . . . . . .

29

1.6.4

Arnold’s Cat Map . . . . . . . . . . . . . . . . .

29

1.6.5

Piecewise Linear Chaotic Map (PWLCM) . . .

31

1.6.6

Asymmetric Tent map . . . . . . . . . . . . . .

33

Outline of The book . . . . . . . . . . . . . . . . . . .

34

2 The State of Art

39

2.1

The Data Encryption Standard (DES) . . . . . . . . .

42

2.2

The Advanced Encryption Stander (AES) . . . . . . .

43

ii

CONTENTS

CONTENTS

2.3

The Confusion Diffusion Method . . . . . . . . . . . .

2.4

A Comparative study on Cryptographic Image Scrambling . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.4.1

45

Generalized Matrix-based Scrambling (Transformation) . . . . . . . . . . . . . . . . . . . . . .

2.4.2

43

48

Quantum Image Gray Code and Bit Plane Scrambling . . . . . . . . . . . . . . . . . . . . . . . .

50

2.4.3

Image Scrambling based on 2D mapping . . . .

52

2.4.4

Key based Scrambling by Row and Column Shifting . . . . . . . . . . . . . . . . . . . . . . . . .

53

2.4.5

Fu et al. Scheme . . . . . . . . . . . . . . . . .

53

2.4.6

Comparative Study and Results . . . . . . . . .

56

2.5

Chaotic Maps and Encryption . . . . . . . . . . . . . .

62

2.6

Encryption in Frequency Domain . . . . . . . . . . . .

63

2.7

Cryptographic Steganography . . . . . . . . . . . . . .

64

2.8

Cryptographic Watermarking . . . . . . . . . . . . . .

64

3 Image Encryption using LFSR and RC4 3.1

67

Preliminaries . . . . . . . . . . . . . . . . . . . . . . .

68

3.1.1

Linear Feedback Shift Register . . . . . . . . . .

68

3.1.2

RC4 Key Stream Generator . . . . . . . . . . .

69

iii

CONTENTS

3.2

CONTENTS

The Encryption Scheme . . . . . . . . . . . . . . . . .

71

3.2.1

Permutation . . . . . . . . . . . . . . . . . . . .

72

3.3

Substitution using RC4 Key Stream Generator . . . . .

74

3.4

Decryption . . . . . . . . . . . . . . . . . . . . . . . . .

75

3.5

Experimental Results . . . . . . . . . . . . . . . . . . .

76

3.6

Security Analysis of Test Results . . . . . . . . . . . .

78

3.6.1

Histogram Analysis . . . . . . . . . . . . . . . .

80

3.6.2

Correlation Analysis . . . . . . . . . . . . . . .

82

3.6.3

Key Sensitivity Analysis . . . . . . . . . . . . .

83

3.6.4

Chosen Plaintext Attack and Differential Crypt-

3.7

analysis . . . . . . . . . . . . . . . . . . . . . .

83

3.6.5

Information entropy . . . . . . . . . . . . . . .

84

3.6.6


85

Summary . . . . . . . . . . . . . . . . . . . . . . . . .

85

4 A Chaos based Secure Image Encryption Algorithm 4.1

87

The Encryption Scheme . . . . . . . . . . . . . . . . .

88

4.1.1

Random Number Generation

. . . . . . . . . .

88

4.1.2

Permutation . . . . . . . . . . . . . . . . . . . .

90

4.1.3

Diffusion . . . . . . . . . . . . . . . . . . . . . .

90

iv

CONTENTS

4.2

4.3

CONTENTS

Experimental Results . . . . . . . . . . . . . . . . . . .

92

4.2.1

Correlation Coefficient Analysis . . . . . . . . .

93

4.2.2

Information Entropy Analysis . . . . . . . . . .

93

4.2.3

Irregular Deviation . . . . . . . . . . . . . . . .

93

4.2.4

Peak Signal to Noise Ratio (PSNR) . . . . . . .

95

4.2.5

Diffusion Characteristics of Cryptosystem . . .

96

4.2.6

Avalanche Effect . . . . . . . . . . . . . . . . .

97

4.2.7

Number of Pixel Change Rate (NPCR): . . . .

98

4.2.8

Unified Average Changing Intensity (UACI) . .

98

4.2.9


99

4.2.10 Key Sensitivity Test . . . . . . . . . . . . . . .

99

Summary . . . . . . . . . . . . . . . . . . . . . . . . .

99

5 Image Encryption using Chaos & DWT

101

5.1

Enhanced Piecewise Linear Chaotic Map . . . . . . . . 102

5.2

Discrete Wavelet Transform (DWT) . . . . . . . . . . . 103 5.2.1

5.3

The Encryption Scheme . . . . . . . . . . . . . . . . . 104 5.3.1

5.4

Haar wavelets . . . . . . . . . . . . . . . . . . . 103

Decryption Process . . . . . . . . . . . . . . . . 106

Experimental Result and Security Analysis . . . . . . . 106 v

CONTENTS

CONTENTS

5.4.1

Histogram Analysis . . . . . . . . . . . . . . . . 107

5.4.2

Correlation Coefficient Analysis . . . . . . . . . 108

5.4.3

Peak Signal to Noise Ratio (PSNR) . . . . . . . 110

5.4.4

Avalanche Effect . . . . . . . . . . . . . . . . . 111

5.4.5

Information Entropy Analysis . . . . . . . . . . 112

5.4.6

Number of Pixel Change Rate (NPCR ) . . . . 112

5.4.7

Unified Average Changing Intensity (UACI) . . 113

5.4.8

Maximum Deviation . . . . . . . . . . . . . . . 113

5.4.9

Irregular Deviation . . . . . . . . . . . . . . . . 113

5.4.10 Operational Speed Analysis . . . . . . . . . . . 114 5.4.11 Robustness against Chosen Cipher Text and KnownPlaintext Attack . . . . . . . . . . . . . . . . . 114 5.5

Summary . . . . . . . . . . . . . . . . . . . . . . . . . 115

6 Chaos & DNA Computing

125

6.1

Chaos based Pseudo Random Bits Generation (PRBG) 127

6.2

The Encryption Scheme . . . . . . . . . . . . . . . . . 127

6.3

Experimental Results and Cryptanalysis . . . . . . . . 129 6.3.1

Key Space Analysis . . . . . . . . . . . . . . . . 130

6.3.2

Key Sensitivity . . . . . . . . . . . . . . . . . . 130 vi

CONTENTS

6.4

6.5

6.3.3

Differential Attacks . . . . . . . . . . . . . . . . 131

6.3.4

Statistical Attacks . . . . . . . . . . . . . . . . 132

6.3.5

Complexity: . . . . . . . . . . . . . . . . . . . . 133

Encrypted Audio Watermarking . . . . . . . . . . . . . 134 6.4.1

Steganography and Watermarking Embedding . 134

6.4.2

Audio Watermarking . . . . . . . . . . . . . . . 134

6.4.3

Discrete Cosine Transform(DCT) . . . . . . . . 135

6.4.4

Discrete Wavelet Transform(DWT) . . . . . . . 136

The Watermark Encryption Scheme . . . . . . . . . . . 137 6.5.1

6.6

Embedding Encrypted Watermark

Analysis of Watermark Embedding . . . . . . . 139

Summary . . . . . . . . . . . . . . . . . . . . . . . . . 141

7 Conclusions and Scope of Future Work 7.1

143

Conclusions . . . . . . . . . . . . . . . . . . . . . . . . 143 7.1.1

7.2

. . . . . . . 137

Experimental Results and Security Analysis . . . . . . 138 6.6.1

6.7

CONTENTS

Application in Watermark . . . . . . . . . . . . 145

Future Work . . . . . . . . . . . . . . . . . . . . . . . . 146

vii

CONTENTS

CONTENTS

viii

List of Figures

1.1

An overview of evaluation of encryption . . . . . . . . .

5

1.2

A simple encryption process . . . . . . . . . . . . . . .

7

1.3

A representation of security threats and policy . . . . .

9

1.4

The types of ciphers . . . . . . . . . . . . . . . . . . .

10

1.5

A graphical representation of symmetric key encryption

10

1.6

A typical representation of block cipher. . . . . . . . .

12

1.7

Structure of the DES . . . . . . . . . . . . . . . . . . .

13

1.8

General model of encryption and decryption method of stream cipher . . . . . . . . . . . . . . . . . . . . . . .

13

A typical asymmetric key cryptosystem . . . . . . . . .

14

1.10 A typical key exchange process . . . . . . . . . . . . .

15

1.9

1.11 Representation of steganography using LSB substitution

. . . . . . . . . . . . . . . . . . . . . . . . . . . .

17

1.12 The phase diagram of Logistic map with initial condition μ = 2.0 and x0 = 0.5 . . . . . . . . . . . . . . . . . ix

28

LIST OF FIGURES

LIST OF FIGURES

1.13 The Liapunov exponent of Logistic map . . . . . . . .

28

1.14 The phase diagram of 2D standard with initial condition k = 0.8 . . . . . . . . . . . . . . . . . . . . . . . .

30

1.15 Liapunov exponent of 2D Standard Map . . . . . . . .

30

1.16 The phase diagram of Arnold’s Cat map with initial condition x0 = 1 and y0 = 1 . . . . . . . . . . . . . . .

31

1.17 The phase diagram of PWLCM with initial condition x0 = 0.1 . . . . . . . . . . . . . . . . . . . . . . . . . .

32

1.18 Liapunov exponent of PWLCM with initial condition .

33

1.19 xn vs xn+1 plot of asymmetric tent map

. . . . . . . .

35

1.20 Probability density plot of asymmetric tent map . . . .

35

2.1

A typical model of modern symmetric key Crypto-systems 44

2.2

Flow chart of gray Code scrambling . . . . . . . . . . .

51

2.3

The quantum circuit . . . . . . . . . . . . . . . . . . .

51

2.4

Flow chart of Key based scrambling [Premaratne and Premaratne, 2012] . . . . . . . . . . . . . . . . . . . . .

2.5

Results of scrambling using different scrambling techniques on Airplane image: Original test image 1 . . . .

2.6

53

55

Results of scrambling using different scrambling techniques on Original test image 2 (Baboon image) . . . . x

57

LIST OF FIGURES

2.7

LIST OF FIGURES

Results of scrambling using different scrambling techniques on Original test image 3 (Lena image) . . . . . .

2.8

58

Results of scrambling using different scrambling techniques on Original test image 4 (Pappers image) . . . .

59

3.1

32-bit LFSR as used in the proposed algorithm . . . .

69

3.2

The lookup stage of RC4. The output byte is selected by looking up the values of S(i) and S(j), adding them together modulo 256, and then looking up the sum in S; S(S(i) + S(j)) is used as a byte of the key-stream K. 70

3.3

Proposed Encryption Algorithm Architecture . . . . . .

73

3.4

The decryption process for the encryption scheme . . .

76

3.5

Plaintext image 1 for test . . . . . . . . . . . . . . . .

77

3.6

After permutation image 1 . . . . . . . . . . . . . . . .

77

3.7

Encrypted Image 1 . . . . . . . . . . . . . . . . . . . .

78

3.8

Histogram of Plaintext image 1 . . . . . . . . . . . . .

78

3.9

Histogram of image 1 . . . . . . . . . . . . . . . . . . .

79

3.10 Plaintext test image 2 . . . . . . . . . . . . . . . . . .

79

3.11 After permutation test image 2 . . . . . . . . . . . . .

80

3.12 Encrypted test image 2 . . . . . . . . . . . . . . . . . .

80

3.13 Histogram of test image 2 . . . . . . . . . . . . . . . .

81

xi

LIST OF FIGURES

LIST OF FIGURES

3.14 Histogram of encrypted test image 2 . . . . . . . . . .

81

4.1

Graphical representation of overall process . . . . . . .

89

4.2

A representation of the substitution process with all the function. . . . . . . . . . . . . . . . . . . . . . . . . . .

91

4.3

Test results of test image 1 (cameraman image) . . . .

94

4.4

Test results of test image 2 (lena image) . . . . . . . .

95

4.5

Test results of test image 3 (lighthouse image) . . . . .

96

4.6

Test results of test image 4 (peppers image) . . . . . .

97

5.1

The encryption and description process . . . . . . . . . 106

5.2

The test result of lena image . . . . . . . . . . . . . . . 107

5.3

The test result of Cameraman image . . . . . . . . . . 108

5.4

The test result of Baboon image . . . . . . . . . . . . . 109

5.5

The test result of Barbara image . . . . . . . . . . . . 110

5.6

The test result of Goldhill image . . . . . . . . . . . . . 111

6.1

PRBG based on Cross Coupled Logistic Map . . . . . . 127

6.2

Schematic layout diagram of the proposed scheme . . . 128

6.3

The test result of lena image . . . . . . . . . . . . . . . 129

6.4

The test result of airplane image . . . . . . . . . . . . . 130

6.5

The test result of baboon image . . . . . . . . . . . . . 131 xii

LIST OF FIGURES

LIST OF FIGURES

6.6

The watermark embedding and extraction process . . . 135

6.7

Watermarking using discrete cosine transform . . . . . 135

6.8

Schematic layout diagram of the proposed scheme . . . 139

6.9

Sound waves of original and watermarked signals . . . 140

6.10 (a) Original Watermark (b) Watermark obtained from filtered signal . . . . . . . . . . . . . . . . . . . . . . . 141

xiii

LIST OF FIGURES

LIST OF FIGURES

xiv

List of Tables

2.1

Comparative results of operation . . . . . . . . . . . .

2.2

Comparative results of correlations and entropy. (Cor-

60

relation between current pixel and horizontal/diagonal/vertical pixel is found by choosing 1000 random pixels) . . . . .

61

4.1

Operation selection . . . . . . . . . . . . . . . . . . . .

92

4.2

Result of security analysis on four different images . . .

98

5.1

Correlation coefficient test results and comparison . . . 116

5.2

Exprimented values of MSE and Peak Signal to Noise Ratio . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

5.3

Entropy The test results and comparison with schemes in [Wang et al., 2012, Wang et al., 2015, Hua et al., 2015, Wang et al., 2010b] . . . . . . . . . . . . . . . . . 118

5.4

NPCR (%) test results and compared with schemes in [Wang et al., 2012, Wang et al., 2015, Hua et al., 2015, Wang et al., 2010b] . . . . . . . . . . . . . . . . . . . . 119 xv

LIST OF TABLES

5.5

LIST OF TABLES

UACI test results and compared with schemes in [Wang et al., 2012, Wang et al., 2015, Hua et al., 2015, Wang et al., 2010b]

. . . . . . . . . . . . . . . . . . . . . . . 120

5.6

Maximum Deviation test results . . . . . . . . . . . . . 121

5.7

Irregular Deviation . . . . . . . . . . . . . . . . . . . . 122

5.8

Computation time of different size of images . . . . . . 123

6.1

Results of different statistical test . . . . . . . . . . . . 133

6.2

SNR and RMS error result . . . . . . . . . . . . . . . . 141

xvi

Dedicated to Bedansh and Bedanshi ...

xvii

xviii

Preface This book presents research on design and analysis of lightweight image encryption techniques. Traditionally, cryptographic primitives are designed to protect data and keys against adversaries. In such a context, an adversary has knowledge of the algorithm and may examine various inputs to and outputs from the system, but has no access to the internal details of the secret key. In contrast, the goal of new chaos based encryption is to provide a degree of robustness against attacks and execute with low computational overhead. Modern cryptography schemes are based on confusion (permutation) and diffusion (change of values) using pseudo random number sequences. We have designed a few Pseudo Random Number Generators (PRNG) and applied them to develop new chaos based algorithms. Chaotic maps and Linear Feedback Shift Register (LFSR) are used for design of PRNG as they show high randomness and runs on low complexity. It has been found that the strength and complexity of our encryption algorithms are highly depend on quality PRNG used. On the other hand, for diffusion process, techniques like XOR, DNA computations, and genetic operations are used which have very low computational overhead. In all the conditions, effort was made to reduce the overall computational complexity of the algorithms and maintaining their strength against attacks. Further, one of these proposed algorithms was used for watermark encryption. The designed algorithms are showing promising results even they run with low computational complexity. The proposed algorithms are also suitable for resource constrained devices and may be modified for encryption of color images, audio, video or text.

1

2

LIST OF TABLES

Chapter 1 Introduction With the rapid development of computer technology and communication networks, more and more people and organizations rely on the Internet to transmit important information. However the hackers can intrude into the computer network systems to steal or corrupt the important information, which can cause great loss to organizations as well as individuals. Hence information security has become a very important issue in modern society. Many techniques have been developed to protect the secrecy of information including visual cryptography, steganography, secret sharing, and other encryption techniques. In modern life, cryptography is used widely for protecting sensitive information. Some of the most popular use of encryption are in network security for professionals and organizations, privacy and safety for the common people like online credit card transactions, bank ATM, instant mobile recharge, pre-paid electricity coupons, pay TV-channel etc. This chapter starts with a very short history of cryptography in section 1.1 followed by the definition of cryptography in section 1.2, objectives in section 1.3 and different types of cryptography in section 1.4. Further, the tests for majoring quality of encryption algorithms are discussed in section 1.5 and a short introduction to chaos theory is given in section 1.6. Finally, the outline of the book is presented 3

CHAPTER 1. INTRODUCTION

4 in section 1.7.

1.1

A Short History

From the beginning of the human civilization, people have been using various techniques to protect information from the unintended individuals. Therefore the cryptography is an age old practice. The methods used for encrypt information evolved with the modernization of civilization and technological improvements. The history of cryptography may roughly be divided into three parts, the manual era, the mechanical ear and the modern era.

The Manual Era One of the oldest cipher documented is the Hieroglyph, which was a script used by the ancient Egyptians in 1900 BC. Another cipher Skytale, was used by the Spartans in 700 B.C. in Greece. The Skytale, transposes the characters by changing the position of the letters in the text of the message. In this method, the key is equal to the distance between the original and substituted character. The practical size of the key space is very small. The maximum key space may be of 25 for English alphabets. Later in 100-44 B.C., Julius Caesar invented a method called The Caesar cipher [Kahn, 1996] based on character substitution again, the key space becomes 26 for English alphabets. Further, in 1791-92 AD in French, a substitution cipher is found used by queen Marie-Antoinette and count Axel von Fersen, known as Fersen cipher. In some literature, these techniques are termed as classical cipher.

The Mechanical Era This age of encryption is called mechanical era because most of the techniques developed was based on rotor machines. An advanced encryption method was invented

1.1. A SHORT HISTORY

5 Ciphers

Classical

Substitution

Transposition

Rotor Machines

Modern

Public Key

Secret Key

Stream

Block

Figure 1.1: An overview of evaluation of encryption in Germany in 1920 AD, just before second World war called Enigma Code [Kruh and Deavours, 2002]. Enigma played a great role in second world war. It was a rotor machine with a keyboard, 3 scramblers, a reflector and a lamp-board, contained in box weighing 12 kg. That time it was so strong that Americans, French and British failed to break. but in 1932 the Enigma code was Broken by the Polish [Rejewski, 1981] and in 1939 it was handed over to the British. Again just before second World war in 1940 AD, the Germans invented the Lorenz cipher a machine with metal base of 48cm × 39cm × 43cm. It generated a pseudo-random character stream that was XOR-ed with the input characters to form the output characters. The Lorenz cipher was used for high level communications of German Army and was badly broken by British mathematician William Tutte [Budiansky, 2000].

The Modern Era The modern cryptology is attributed to Claude Shannon, the father of mathematical cryptography. His seminal paper, “Communication Theory of Secrecy Systems”, in Bell System Technical Journal, 1949 is the milestone of modern cryptography [Shannon, 1949]. In 1971, Horst Feistel along with his colleagues at IBM proposed a modern


6

block cipher called as Lucifer feistel1974block. The Lucifer was an substitution based cipher with 128 bit key (72 bit sub-key). The algorithm comprised of 16 rounds. Latter the Data Encryption Standard (DES) was developed based on Lucifer [Tuchman, 1998, Liardet and Teglia, 2010]. In 1977 Ron Rivest, Adi Shamir, and Leonard Adleman proposed the most widely used public key scheme RSA [Rivest et al., 1978]. The RSA was based on integers modulo and prime numbers. Factoring large numbers needs comparatively high computational cost which makes the RSA unsuitable for large size data encryption. In 1984 Taher Elgamal proposed another public key encryption scheme based on Diffe-Hellman scheme [Diffie and Hellman, 1976] [Elgamal, 1985]. In 1988, Daemen Joan and Rijmen Vincent proposed another comparatively faster block cipher (block size 128 bit) named Rijandeal with key sizes 128bit, 192 bit, 256 bit [Daemen and Rijmen, 1991]. The algorithm was found secure that time. Latter NIST approved a modified version of Rijandeal, named as Advanced Encryption Standard (AES) [Daemen and Rijmen, 2002a].

1.2

Cryptography

Cryptography is the art of science for converting plain text to unrecognizable or unintelligible cipher text and vice versa using some secret key. The cipher text must be decryptable only by correct secret encryption key. A cryptographic system must generate code providing confidentiality, data integrity, authentication, non-Repudiation.

Cryptanalysis is the study of finding vulnerabilities of an encryption algorithm and breaking the cipher without correct encryption key.

Cryptology is the combination of cryptography and cryptanalysis.


8

of security is crucial. Performance can be stated in terms of power and energy consumption, latency, and throughput. The resources required for a hardware implementation are usually summarized in gate area, gate equivalents, or logic blocks (also known as configurable logic blocks, logic elements, adaptive logic modules or slices). In software, this is reflected in register, RAM and ROM usage. Resource requirements are sometimes referred to as costs, as adding more gates or memory tends to increase the production cost of a device. One of the most important techniques is LWC which is a cryptographic algorithm or protocol tailored for implementation in constrained environments including RFID tags, sensors, contactless smart cards, health-care devices and so on. Devices like servers, desktop computers, tablets and smartphones conventional cryptographic algorithms generally perform. On other hand devices like embedded systems, RFID devices and sensor networks, highly resource constrained devices need LWC LWC is a subarea of cryptography aiming to provide security for resourceconstrained devices. A significant amount of research have been done by the research community on LWC; this includes efficient modification of conventional cryptography schemes, and the design and analysis of new LWC algorithms and protocols. Lightweight cryptography is a cryptographic algorithm or protocol, that runs with low computational cost. It is suitable for implementation in resource constrained environments, such as, • Internet of Things (IoT) devices, • Wireless Sensor Network (WSN) nodes (sensors), • contactless smart cards, • Radio-frequency identification (RFID) tags and so on. Lightweight cryptographic system can be generated using chaotic maps, LFSR,

1.4. TYPES OF CRYPTOGRAPHY TECHNIQUES

11

the message m using a secret key K to generate the cipher c. The cipher c sent through the public channel to the receiver (Bob). Since the receiver have access to the secret key K, he may decrypt the cipher c using the key K. In this case the encryption and decryption system is symmetric, that is, both parties have equal rights over the key. Shannon [Shannon, 1949] proved the strength of symmetric key encryption using one time pad (OTP). In his scheme, XOR was used, based on the logic if c = m ⊕ K then m = c ⊕ K.

Block Cipher The message (m) of size N is divided into fixed length group of (n) bits (called blocks). Traditionally each block is encrypted with the same key. Encryption involves complicated mixing of the plaintext m with the key K. A typical representation of Block cipher given in Fig.

1.6. Some of the widely used block ciphers

are Data Encryption Standard (DES)[Feistel, 1974], Advanced Encryption Standard (AES) [Daemen and Rijmen, 1991]. The DES and AES algorithms are discussed in the next chapter. A sketch of a substitution-permutation network with n rounds is presented in Fig. 1.6. It encrypts a plaintext block of N bits into a ciphertext block of N bits. The S-boxes are the Si ’s, the P-boxes are the same P , and the round keys are the Ki ’s.

The Data Encryption Standard (DES) DES takes a secret message as input that will be encrypted by using secret key in 16 rounds. The secret message is divided into 64-bits blocks for encryption purpose. In general, a 64-bit key is used as input for DES, of which only 56-bits are used (16 subkeys for 16 rounds, with 48-bit each, will then be created from this 56-bits). In each round the block of the message is divided into two halves. The right half is expanded from 32 to 48 bits using a fixed table. The result is combined with the subkey for that round using the XOR operation. Using S-boxes the 48 resulting bits are then transformed again to 32 bits, which are subsequently permuted again using yet another fixed table. In


12

Key

P laintext

⊕ S1

S2

K0

S3

S4

P

S1

⊕

K1

⊕

Kn−2

S2

S3

S4

P

⊕ S1

S2

Kn−1

S3

⊕

S4 Kn

Ciphertext Figure 1.6: A typical representation of block cipher.

this way thoroughly shuffled right half is now combined with the left half using the XOR operation. In the next round, this combination is used as the new left half.


16 Watermarking

Watermark is the most popular way to authenticate the source of digital information by embedding copyright information onto the digital data. A variety of watermark algorithms are proposed to meet the demand [Karmakar et al., 2016, AL-Nabhani et al., 2015]. Watermarking may be applied on image, audio or video. A good watermark technique must protect the watermark data from noise and signal deformation. The properties of a good watermark technique are imperceptibility, robustness and safety [Zhou and guo Shi, 2012, Katariya, 2012]. A class of watermarking schemes use the original signal for detection of watermark, which are known as private or non-oblivious schemes [I. J. Cox and Shamoon, 1997]. On the other hand, the oblivious or blind methods [O’Ruanaidh and Pun, 1997] [Nikolaidis and Pitas, 1998, Lin et al., 2001, Wang et al., 2002] do not need the original signal. Watermark techniques may also be classified into two types. One embeds data in the special domain by changing the selected sample [Tefas and Pitas, 2001]. Other works in some suitable transformation domain like DCT [I. J. Cox and Shamoon, 1997, Barni et al., 1998], Discrete Fourier Transformation (DFT) [Solachidis and Pitas, 2001, Ruanaidh et al., 1996, Lei et al., 2016], or DWT [Wang et al., 2002, Tsekeridou and Pitas, 2000], modifying the coefficient value.

Steganography Steganography is the practice of concealing messages or information within other nonsecret text or media. It has been proposed as a technique of transmitting data (image) by embedding into a cover media like image, audio or video etc. So, the Steganography techniques conceal the existence of secret data from the undesired users. Several steganography schemes have been proposed in literature for transmission of secret images [Bohme and Keiler, 2007, Wang et al., 2000]. A most widely used steganography method is the least significant bit (LSB) substitution technique [Chan and Cheng, 2004]. It is observed that first three LSB bit planes

1.4. TYPES OF CRYPTOGRAPHY TECHNIQUES

17

Figure 1.11: Representation of steganography using LSB substitution

appears randomly while the rest of the bit planes carries most of visual information. So modifying the first three LSB bits of the cover image will hardly degrade the quality of the stego-image. If we change the most significant bit (MSB), the cover image will degrade the quality of the stego-image since maximum amount of important information is carried by the MSB. For this reason, the LSB substitution is used which embeds sensitive data into parts of LSB of the cover image. The process of the LSB substitution scheme is depicted in Fig. 1.11. This figure shows a secret message of 8 bits embedded into the sub-image of size 2 × 2 by replacing first two LSBs of each pixel. The secret message bits are embedded into the cover image, called the stego-image. The secret message extraction process from the stego-image is a straight forward process where the secret message bits are sequentially extracted from the concealed LSBs of each pixel in the stego-image. In the LSB substitution scheme, both the hiding and the retrieval processes are lightweight operations. Thus, the overall LSB substitution process is very simple and lightweight [Mondal and Singh, 2013].


18

1.5

Methods of Tests for Quality of Encryption Algorithms

This section enumerates a details list of modern tests and attacks in cryptography. The described tests are used to measure the strength and quality of any encryption algorithm [Ahmad and Ahmed, 2012].

1.5.1

Statistical Frequency Attack and Histogram analysis

Histogram is a set of rectangles with their base equal to class interval and height proportional to class frequency. Histogram analysis is study of frequency of pixel values of the cipher image and plain image. A uniform distribution of pixel values in the cipher image makes the frequency attack difficult [Biryukov and Kushilevitz, 1998].

1.5.2

Known-Plaintext and Chosen Ciphertext Attack:

The most common attack is known plaintext attack and chosen ciphertext attack. In chosen ciphertext attack, a set of keys and a selected set of ciphertext are available with the attacker. The attacker tries to decrypt the ciphertext by applying the keys randomly. It may be possible only when the attacker does the operations in correct sequence with correct key. In case of known plaintext attack, some portion of plain text and corresponding ciphertext are available with the attacker. The attacker tries to find out the encryption key by applying some statistical analysis on the plain text and cipher text. The proposed algorithm is robust against these attacks since the scheme needs correct sequence of operations with correct keys to decrypt any ciphertext.

1.5. METHODS OF TESTS FOR QUALITY OF ENCRYPTION ALGORITHMS19

1.5.3

Information Entropy Analysis

The information entropy is defined as the degree of uncertainties in the system. The greater the entropy, the more is the randomness in the image, or the image is more uniform [Dodis and Smith, 2004]. Thus statistical attacks become difficult. Entropy is defined as in Eq. 1.1 [Shannon, 1949].

H(m) =

N −1 2

p(mi ) × log2

i=0

1 p(mi )

(1.1)

where p(mi ) is the histogram counts returned from histogram. For an ideal random image, the entropy is calculated to be 8. Therefore, for better is the randomness in the image, the entropy should be closer to 8, .

1.5.4

Perceptual Security: Peak Signal-to-Noise Ratio (PSNR)

Peak Signal-to-Noise Ratio (PSNR) is one of the most important index for encryption quality. It is a measurement which indicates the changes in pixel values between the plaintext image and the ciphertext image. The low value of PSNR indicates good quality of encryption and a high value indicates better perceptual security. Mathematically represented as Eq. 1.2 P SN R = 10 × log10

M × N × 2552 M −1 N −1 2 i=0 j=0 (P (i, j) − C(i, j))

(1.2)

where M is the width and N is the height of digital image. P (i, j) is pixel value of the plaintext image at grid (i, j) and C(i, j) is pixel value of the ciphertext image. The lower value of PSNR represents better encryption quality.


20

1.5.5

Known plain text attack and correlation coefficient

In any image the adjacent pixels are highly correlated, which gives attacker to apply known plain text attack to break the cipher. Therefore, the encryption system must ensure lowest possible correlation between the adjacent pixels in the cipher image [Siegenthaler, 1984]. In this book, correlation between vertical neighbor pixels, horizontally neighbor pixels, diagonally neighbor pixels and between the same pixels of the original and the encrypted image are analyzed. To calculate 1000 to 2000 pairs of two-adjacent pixels were randomly selected in vertical, horizontal, and diagonal direction. It is calculated by the Eq. 1.3 [Sutton et al., 2009, Elkamchouchi and Makar, 2005]. Cov(x, y) σ x × σy

r=

V AR(x) =

N 1 (xi − E(x))2 N i=1

σx = σy = Cov(x, y) =

V AR(x)

V AR(y)

N 1 (xi − E(x))(yi − E(y)) N x=1

(1.3)

(1.4) (1.5) (1.6) (1.7)

where r is correlation coefficient and Cov is covariance at pixels x and y, where x and y are the gray-scale values of two pixels in the same place in the plaintext and ciphertext images. V AR(x) is variance at pixel value x in the plaintext image, σx is standard deviation, E is the expected value operator and N is the total number of pixels for N × N matrix.


1.5.6

Maximum Deviation

This measurement technique measures the quality of encryption based on the deviation between the plaintext and ciphertext. The more the ciphertext is deviated from the plaintext, the better is the encryption algorithm. The high amount of irregularity and deviation of pixels among the original plain text and cipher image provides good quality of encryption. First the histogram for plaintext image and the encrypted image is taken and their difference is calculated. Let di be the absolute difference between the two histograms for intensity i, then maximum deviation, D is calculated as shown in Eq. 1.8 d0 + d255 + di 2 i=1 256

D=

1.5.7

(1.8)

Irregular Deviation

An important property of encryption is that the plain pixels should have uniform probability distribution to effect all pixels uniformly during encryption process. If the encryption technique considers the plain image as source of random values, the deviation will have uniform distribution. The irregular deviation is a measure of uniformity of distribution in the histogram. The uniform distribution of irregular distribution demonstrates the good quality of the encryption algorithm. First the absolute difference of the plain text image and the encrypted image is taken and its histogram, H is calculated. The average value (MH ) for H is calculated as in Eq. 1.9 and Eq. 1.10. 1 hi 256 i=0 255

MH =

(1.9)

where hi is the amplitude of the histogram at index i. Thereafter, irregular mean


22 deviation is calculated as Id =

255

|hi − MH |

(1.10)

i=0

1.5.8

Brute-force Attack, Exhaustive Key Search and Key Space Analysis

In brute-force attack, the adversary (attacker) repeatedly attacks with different keys to reveal the secret. The adversary always attacks with keys from the key space K of the encryption algorithm. Therefore, a large key space prevents the brute-force attack by giving numerous choices of keys such that all the possible keys cannot be tried by the attacker in feasible time. An encryption system with 128 bit key provides 2128 = 3.402823669 × 1038 key space [Adleman et al., 1999]. If the attacker employs a 1000 MIPS computer to guess the key by brute force attack, the computational load in year is;

1000 ×

106

2128 > 10.7902831 × 1021 years × 60 × 60 × 24 × 365

(1.11)

In the algorithms discussed the initial conditions, some initial vectors act like keys and the key space is analyzed based on them. In all the the encryption schemes proposed in this book have large key space which defy all brute force and exhaustive attacks.

1.5.9

Key Sensitivity Analysis

The system is very sensitive to the initial conditions which form the cipher key for the encryption/decryption process. Certain tests were done to examine the sensitivity of the key. If we increase the value of x0 by −1e10 in the decryption process, causes the decrypted image is completely changed and is unrecognizable.


1.5.10

Chosen Plaintext Attack and Differential Cryptanalysis

Differential attacks is the study of how differences in an input can affect the resultant difference at the output. Attackers take a pair of images which differ in small magnitude and then generate their cipher images from the same algorithm. Then they compare the two encrypted images, hoping to detect statistical patterns in their distribution. There are two methods used to find performance against differential attacks [Biham and Shamir, 2012, Hermassi et al., 2011]. Let C1 and C2 be two different cipher-images whose corresponding plaintext images differ by only one bit. Label the gray scale value of the pixel at grid (i, j) in C1 and C2 by C1 (i, j) and C2 (i, j) respectively. Define an array, D, the same size as images C1 and C2 . Then D(i, j) is determined by Eq. 1.5.10. ⎧ ⎨ 0 D(i, j) = ⎩ 1

if C1 (i, j) = C2 (i, j) if C1 (i, j) = C2 (i, j)

Number of Pixel Change Rate (NPCR): It measures the percentage of different pixels between two cipher images whose plane images have only one pixel difference [Wu et al., 2011]. Larger value (≈ 100%) reflects better quality of encryption. NPCR is calculated using Eq. 1.13 N P CR = U ACI =

i,j D(i, j) × 100% M ×N

C1 (i, j) − C2 (i, j) 1 × 100% M × N i,j 255

(1.13) (1.14)


24

Unified Average Changing Intensity (UACI): It measures the average intensity of differences between two cipher images [Wu et al., 2011]. UACI is calculated using Eq. 1.14. The higher value of N P CR (nearly 100%) and U ACI demonstrate good quality of encryption.

1.5.11

Diffusion Characteristics and Avalanche Effect

A good cryptosystem must ensure a good diffusion. A change of one bit in the plaintext should change the ciphertext completely in an unpredictable manner. Diffusion characteristics of an image encryption algorithm means that the output pixels of ciphertext image should depend on the input pixels of plaintext image in a very complex way. A small change in the key or plaintext should cause significant change in cipher image. Strict avalanche requires at least 50% bit change in ciphertext for 1 bit change in the plaintext. Avalanche effect or Mean Squared Error may be expressed as Eq. 1.15. Let C1 and C2 are two ciphered images with key differing in a single bit.

M SE =

−1 N −1 M 1 [C1 (i, j) − C2 (i, j)]2 M × N i=0 j=0

(1.15)

A value of M SE ≥ 30dB demonstrate acceptable avalanche effect.

1.6

Chaos Theory

“Chaotic” or non-linear dynamics is perhaps one of the most important “discovery” for describing natural systems in the 20th century! Chaos and order are opposites in the Greek language. Chaos is long term, non-periodic behavior that exhibits sensitive dependence

1.6. CHAOS THEORY

25

on initial conditions which implies that nearby trajectories diverge exponentially fast over time (Strogatz 320). This means if one begins with two near identical states, they will arrive at two drastically different states after iterating them over some chaotic function. Mathematicians James Maxwell and Henri Poincare, during 1860s, developed ideas regarding sensitive dependence on initial conditions. However, it was not popular until Edward Lorenz [Lorenz, 1963] used formal mathematics to explore this new and exciting field. Definition: A chaotic system is nonlinear, dynamic, deterministic, aperiodic system. Behavior of the system is highly sensitive to the initial condition [Parker and Chua, 1987]. The theory of chaos was initiated when the American mathematician and meteorologist Edward Norton Lorenz at MIT during his experiments with Computer weather-model had changed initial decimal accuracy and he found completely different result from the system. Latter Jules Henri Poincaré, the French Mathematician, physicist, philosopher of science discovered first chaotic deterministic system in 1880s. Werndl et. al. [Werndl, 2009] discussed some implications of chaos for unpredictability. Chaos is a deterministic, random-like process found in non-linear, dynamical system, which is non-period, non-converging and bounded. Moreover, it has a very sensitive dependence upon its initial condition and parameter [Schuster and Just, 2006]. A chaotic map is a discrete-time dynamical system, defined as: xk+1 = τ (xk ), x ∈ (0, 1), k = 0, 1, 2, 3 . . .

(1.16)

The chaotic sequences xk : k = 1, 2, 3. . . are uncorrelated when their initial values are different and their values spread over the entire space [Wang et al., 2006] [Wu and Rul’kov, 1993].


26

1.6.1

Performance Evaluation of Chaotic Maps

The chaotic property of any chaotic map can be demonstrated using phase diagram and Lyapunov exponents which are discussed below

1

.

Phase Diagram The attractors of a chaotic map can be demonstrate using phase diagram. The attractors of map is distribute in larger regions which means that they have better ergodicity and larger key space. In addition, if the attractor of a map is symmetrical about both the x-axis and y-axis, then it is suitable for design in generating pseudorandom sequence generator.

Lyapunov Exponents Lyapunov Exponents (LEs) [Wolf et al., 1985] are an important indicator to assess the dynamical behavior of a chaotic system, and maximum Lyapunov exponent (MLE) is concerned with its predictability. The LEs λ1 and λ2 distribution of different chaotic maps are shown in latter sections. Discrete one dimensional maps or fixed point iterations xn+1 = f (xn ) with an orbit starting at x0 can be translated into Eq. 1.17. N −1 1 ln |f (xi )| N →∞ N i=0

λ(x0 ) = lim

1.6.2

(1.17)

Logistic Map

Logistic map [Wang and Wang, 2014], [Jakimoski and Kocarev, 2001] is one of the simplest chaotic maps, described by Eq. 1.18 [Boeing, 2016]. 1 Some part of this section was published in “Bhaskar Mondal and Tarni Mandal, “Study of Phase Diagram and Lyapunov Exponents of Some Chaotic Maps”, International Conference on Mathematics & Computer Science - 2017 ”, Jyoti Nivas College, Bangalore, India, Feb 16-18, 2017

1.6. CHAOS THEORY

27

xk+1 = f (x) = μxk (1 − xk )

(1.18)

μ ∈ (0, 4), xk ∈ (0, 1) when μ ∈ (3.5699456, 4), the map is in chaotic state. The logistical map provides valuable characteristics like simple structure, extreme sensitivity to initial conditions. In general, two chaotic sequences beginning with different initial values are not statistically correlated. It has some identical statistical characteristics with the white noise. Hence, chaotic signals can be used in communication [Wang et al., 2006]. For the logistic map, we have an equilibrium point at x0 = 1 − 1/μ. The derivative of f at that point is: f (x0 ) = μ(1 − 2x0 ) = μ(1 − 2(1 −

1 )) μ

(1.19)

= −μ + 2 Hence, |f (x0 )| < 1 if |2 − μ| < 1. Thus this equilibrium point is stable if 1 < μ < 3. It is unstable for μ > 3, and for μ < 1. So the “behavior” of the function changes at μ = 1 and μ = 3 which are called bifurcation points. The phase diagram of logistic map with initial condition μ = 2.0 and x0 = 0.5 is shown in Fig. 1.12. The Lyapunov exponent of Logistic map can be described as Eq. is plotted in Fig.

1.20. It

1.13 with initial condition x0 = .7 and control parameter μ =

3.99997. The Lyapunov exponent is calculated as 0.690193. N −1 1 ln |r(1 − 2xi )| N →∞ N i=0

λ(r; x0 ) = lim

(1.20)

28


Figure 1.12: The phase diagram of Logistic map with initial condition μ = 2.0 and x0 = 0.5

Figure 1.13: The Liapunov exponent of Logistic map

1.6. CHAOS THEORY

1.6.3

29

2D Standard Map

2D standard map [Lian et al., 2005, Patidar and Sud, 2009] also known as Chirikov standard map is one of the popular chaotic map. This map can be used as random number generator in the encryption schemes. The system of equations is described in Eq. 1.21 and 1.22.

X1,n+1 = (X1,n + K sin Y1,n ) Y1,n+1 = (Y1,n + X1,n+1 )

mod 2π mod 2π

(1.21) (1.22)

The set of initial conditions (X1,0 , Y1,0 ∈ [0, 2π]) and K is a stochastic parameter. The chaotic region in the phase space increases with increase in value of K. The bit sequence from the equations given above is generated in the following manner as in Eq. 1.23. The phase diagram of 2D standard with initial condition k = 0.8 in Fig. 1.14.

H(X2,n+1 , Y1,n+1 ) =

⎧ ⎪ ⎪ ⎨1, if X2,n+1 > Y1,n+1 ⎪ ⎪ ⎩0, if X2,n+1 ≤ Y1,n+1

(1.23)

Liapunov exponent of 2D standard map is plotted with initial condition T = 5, M = 105 , = 10−10 , and p(0) = 0.1, q(0) = π, between K = 0 and K = 500

1.6.4

Arnold’s Cat Map

Cat map [Chen et al., 2014], also known as Arnold transform was proposed by V.I. Arnold in his research of ergodic theory. A process of splicing and clipping to realign the digital image matrix is called transformation. The 2D Arnold transform is an invertible map described by Eq. 2.3. The phase diagram of Arnold’s cat map with

1.6. CHAOS THEORY

31

where (xn , yn ) ∈ [0, 1) × [0, 1)

It can be applied to scramble digital images sized N × N by the discrete form in Eq. 1.25:

xn+1 yn+1

=

11 12

xn yn

mod N

(1.25)

where (xn , yn ) ∈ [0, N − 1] × [0, N − 1]

Figure 1.16: The phase diagram of Arnold’s Cat map with initial condition x0 = 1 and y0 = 1

1.6.5

Piecewise Linear Chaotic Map (PWLCM)

PWLCM [Wang and Xu, 2014] demonstrates uniform invariant distribution and properties like randomness, determinacy, and uncertainty. Therefore the map is capable of generating highly random sequence, which is important for cryptography.


32 PWLCM can be defined as Eq. 1.26 ⎧ ⎪ ⎪ ⎪ xqn , ⎪ ⎪ ⎨ xn+1 = F (xn , q) =

if xn ∈ [0, q)

xn −q , if xn ∈ [q, 0.5) 0.5−q ⎪ ⎪ ⎪ ⎪ ⎪ ⎩F (1 − x , q), if x ∈ (0.5, 1) n n

(1.26)

where xn belongs to (0, 1). When the control parameter q belongs to (0, 0.5), (1), the map evolves into a chaotic state. The phase diagram of PWLCM with initial

Figure 1.17: The phase diagram of PWLCM with initial condition x0 = 0.1

condition x0 = 0.1 is given in Fig. 1.17. The Lyapunov exponent (LE) given by Eq. 1.27 is a quantitative measure of the divergence due to the sensitive dependence on the initial conditions. It reflects the average exponential rate of the separation of two initial conditions.

LE =

k i=1

Δ(qi ) ln |f (qi )|

(1.27)


34

1. There is a set of partitions 0 = x0 < x1 < x2 · · · < xN = 1 such that restricted to each of the intervals partition elements Ii = xi−1 , xi ) where 1/f (a) is bounded and ∃μ > 1 and an integer p which derives to d p f (a) ≥ μ dx which can be expressed in the below Eq. 1.30 f (a) = ΣN i−1 fi (a)X(a)

(1.30)

So the map is eventually expanding. 2. The map is affine and piecewise-linear as fi = δi x + bi . 3. It is a Markov map as the partition points map to themselves f (xi ) = aj for some j. The map generates PRNS due to the above properties and caters the cryptographic requirments in this scheme well. The asymmetric tent map with p = 0.7 is given in Fig. 1.19 and probability density function of asymmetric tent map is given in Fig. 1.20.

1.7

Outline of The book

• chapter 1: Introduction: A brief introduction to cryptography, security measure and introduction to chaos theory with the study of phase diagram and Lyapunov exponent is presented. Here an overview of the book is discussed as outline of the book. • Chapter 2: Literature Survey This chapter presents a detailed literature survey on the field of cryptography. Further, a comparative study on cryptographic image scrambling is presented.

1.7. OUTLINE OF THE BOOK

35

1 0.9 0.8

0.7 0.6 0.5 0.4 0.3 0.2 0.1 0

0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Figure 1.19: xn vs xn+1 plot of asymmetric tent map

1.4

1.2

1

0.8

0.6

0.4

0.2

0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Figure 1.20: Probability density plot of asymmetric tent map


36

• Chapter 3: A Secure Image Encryption Algorithm using LFSR and RC4: This chapter presents a secure image encryption algorithm using Linear Feedback Shift Register (LFSR) and RC4. Experimental results and security analysis of the proposed scheme show that the proposed scheme is efficient and secure. • Chapter 4: A Chaos based Secure Image Encryption Algorithm: This chapter presents a chaos based secure image encryption algorithm. The encryption process has been implemented and tested with most of the difficult test suite which have been used to set the standard in the domain of image encryption. The results of these tests are extremely promising and hence prove the capability of this encryption algorithm. • Chapter 5: A Secure Image Encryption Scheme using Chaos and Wavelet Transformations: This chapter furnishes an enhanced secure encryption scheme to assure the confidentiality of images at the time of transmission or storage. The presented scheme has comparatively low computational overhead as it uses 2D DWT for decomposition of the image and chaotic maps for generating pseudo random numbers sequence (PRNS). The statistical tests of the proposed scheme demonstrates promising results. The cipher image produced has a very low correlation with the plain image and has high values of entropy, making it unpredictable and difficult to detect redundancies in the image pixel values. • Chapter 6: A Lightweight Secure Image Encryption Scheme and it’s Application in Watermarking Based on Chaos & DNA Computing: This chapter presents a new lightweight cryptographic scheme for secure image communication. Further, this chapter presents an effective use of the encryption algorithm in audio watermarking. The test results are promising and the watermarked audio does not loose its quality. • Chapter 7: Conclusion and Scope of Future Work: Lastly, a conclusion is

1.7. OUTLINE OF THE BOOK

37

presented on the findings in this book. This captures the achievements in the topics described above, and elaborates on the interpretation of the results. This chapter also presents an overview of directions for future research.

38


Chapter 2 The State of Art In the last three decades a variety of encryption algorithms have been proposed to meet the demand of information security on the public network. Researchers have proposed various algorithms for image encryption by modifying the statistical and visual characteristics of the plain image based on chaotic systems [Wang et al., 2011, Mirzaei et al., 2012, Zhu and Wang, 2010]. Image encryption schemes were also developed using finite field transformation. In [Lima et al., 2013], the authors used finite field cosine transformation in two stages. In the first stage, image blocks of the plain image are transformed recursively. In the second stage, positions of the image blocks are transformed. In [Wang et al., 2012], the authors proposed a scheme based on chaotic system for the encryption of RGB components on color images. Their scheme encrypts the RGB components of color image at the same time and make the three components affect one another. The combined permutation and diffusion stages effectively reduce the correlations between RGB components. In [Wang and Wang, 2014], image encryption scheme using dynamic s-box was proposed. However, performance and security of s-boxes for stream cipher are not compared with other schemes. In [Zhou et al., 2014], the authors proposed an encryption-then-compression (ETC) scheme based on image predictor, GAP and permutation. The permutation 39

CHAPTER 2. THE STATE OF ART

40

(row and column shifting) is conducted over the prediction error domain. Finally, context-adaptive arithmetic coding (AC) is applied to compress the encrypted data. In [Rahmani et al., 2014], the authors proposed a new scheme to improve the efficiency of a homomorphic cryptosystem known as TSZ (To, Safavi-Naini, and Zhang), which combines TSZ with a cryptography technique in order to use the advantages of Genetic Algorithms and homomorphic cryptosystem. The authors claim that the scheme is useful for Big Data. In [Biswas et al., 2015], the authors proposed an encryption scheme using chaotic map and genetic operations for Wireless Sensor Networks (WSN). The initial parameters are pre-distributed using a secure channel or a key exchange mechanism, which uses elliptic curve over prime field for key establishment. For generating pseudo-random sequences, it uses N-logistic tent map. Genetic operations are used for encrypting the pixel values. However, it is found that genetic operations do not generate a quality encryption effect. Since this algorithm uses blocks of plaintext, it requires padding when the size of plaintext is smaller than the size of the predefined blocks. The whole encryption process is repeated for each block of the plaintext. Each of these blocks requires 256 bit pseudo random bit sequence, which is independent of the sequence generated for the previous block. So, for a sufficiently large image as 512 × 512, the generation of sequence takes considerable amount of time. To achieve a fair encryption effect, the scheme takes n numbers of iterations, where n is the numbers of bytes in the block to be encrypted. The crossover operation is done repeatedly so that each byte in mutated plaintext performs the operation at least twice. Hence a higher value of n leads to exponentially high computational overhead. In [Parvin et al., 2014], the authors proposed a scheme based on two chaotic functions and logical operator XOR. Image encryption process includes two stages permutation and one stage substitution. In circular shift by row, each row of the plain image is shifted circularly using corresponding number in matrix K1. So,

41 the rotation numbers for different rows are different. Then, the resultant matrix is shifted circularly in the vertical direction. In vertical rotation, every column is shifted circularly with corresponding numbers of matrix K2. The resultant matrix of previous stage is converted into one-dimensional array and XORed with pseudorandom numbers generated to obtain the cipher image. In [Jolfaei et al., 2016], the authors have proved that, the correct permutation mapping is recovered completely by a chosen-plaintext attack in all permutationonly image ciphers, regardless of the cipher structure. They have successfully broken the Fu’s scheme [Fu et al., 2011a] and Rahman’s scheme [Rahman et al., 2011]. They proved that, n number of chosen plain-images are required to break any permutationonly image encryption algorithm, where n = (logL (M N )).(O(n.M N )) assuming a plain-image of size M × N and with L different color intensities. In [Belazi et al., 2016], the authors presented an encryption scheme, which has four phases. This scheme starts with a diffusion phase based on bitwise XOR operation and a new chaotic map followed by a substitution phase based on S-boxes. Further, a diffusion phase is added based on chaotic logistic map followed by a block permutation phase. The permutation phase is accomplished by a permutation MAP function. This algorithm is like using two chaos based algorithms in serial, thereby incurring high computational overhead. In [Houas et al., 2016], the authors proposed a scheme to encrypt binary images. Their scheme divides the original image into d blocks, then constructs new images of the same size as the original one and represents them in a new proposed basis. In [Liu et al., 2016a], the authors proposed a scheme for mobile (WSN) devices, which first designs a cache mechanism to cache the encrypted intermediate data (i.e., PAD). This scheme handles hot data as plaintexts (updated frequently). The proposed scheme uses a concurrency mechanism to fetch the ciphertext in NVM, and perform the PAD computation simultaneously, to reduce the decryption latency.


42

The authors claim that their scheme minimizes energy during PAD computation. In [Liu et al., 2016c], the authors proposed a confusion diffusion based image encryption scheme, which uses a chaotic shift transform to change the image pixel positions by shifting rows and columns. Substitutions are applied to scramble the pixel values simultaneously with the pixel permutations. Further, in [Liu et al., 2016b], the authors proposed an encryption scheme based on one-time keys, which uses chaotic system with changeable multi-scroll to generate key stream to confuse and diffuse a dual-channel audio data as plaintext. The remainder of the literature survey is organized as follows. The benchmark encryption schemes such as DES and AES are discussed in Section 2.1 and Section.

2.2. Then the widely followed trained confusion and diffusion schemes are

addressed in Section 2.3 followed by a comparative study on cryptographic scrambling techniques in Section 2.4. Section 2.5 is dedicated for a literature survey on chaos based encryption techniques. Section 2.6 addresses to the encryption in frequency domain. A survey on applications of cryptography in steganography and watermarking is given in Section 2.7 and Section 2.8, respectively.

2.1

The Data Encryption Standard (DES)

DES stands for Data Encryption Standard and was created in 1975 with some assistance from the National Security Agency (NSA). In 1981, DES became an accepted as standard and is widely used. DES is a block cipher that uses a 56bit key to create the key table. What people failed to consider was that computers got faster and cheaper and that it wouldn’t cost very much to create a computer specifically to break DES. In 1999, DES was broken in less than 24 hours on a specially built computer [Coppersmith, 1994].

2.2. THE ADVANCED ENCRYPTION STANDER (AES)

2.2

43

The Advanced Encryption Stander (AES)

AES stands for Advanced Encryption Standard. Many expect this algorithm to be the heir apparent to DES and 3-DES. It was the first algorithm created through an organized competition. The contest was announced by NIST (National Institute of Standards and Technology) in 1997. In 2000, NIST announced Rijndael [Daemen and Rijmen, 2002b] (after Vincent Rijmen and Joan Daemen, pronounced rinedoll) as winner. It had survived all the tests, and people generally liked the way it worked. Later, NIST declared the algorithm as Advanced Encryption Standard (AES) [Nechvatal et al., 2001].

2.3

The Confusion Diffusion Method

In recent times, many confusion-diffusion based algorithms are proposed. Confusion is done to permute the pixels of an image to break the high correlation between the adjacent pixels. On the other hand, diffusion is a substitution process to change the values of the pixels of an image. It can be observed that in modern time, most of the encryption algorithms are following these two steps alternatively which are known as permutation and substitution [Wong et al., 2008]. Fridrich [Fridrich, 1998]suggested that a chaos-based image encryption scheme should be composed of two states: chaotic confusion and pixel diffusion. In the first state, it permutes the pixels of a plain image using a 2D chaotic map followed by a substitution technique. This architecture forms the basis of a number of chaos-based image ciphers proposed subsequently. Sometimes they have to repeat one of the stages or both the stages to achieve a certain label of security. In [Lian et al., 2005], the authors pointed out that there existed some weak keys for ciphers employing the cat and the baker maps. Moreover, the key space of these two maps is not as large as that of the standard map. Therefore, they suggested using a standard map for confusion, while keeping the logistic map for pixel value diffusion.


44

To achieve a satisfactory level of security, Lian et al. [] recommended to perform four overall rounds of confusion and diffusion. In each confusion stage, four permutation rounds should be performed. These lead to a total of 16 permutation rounds and four diffusion rounds. In [Dascalescu and Boriga, 2013], the authors proposed another novel fast chaos-based algorithm for generating random permutations with high shift factor suitable for image scrambling. n Rounds m Rounds

Plain Inage

Confusion

Diffusion

(Pixels Scrambling)

(Pixel value modification) Cipher Image

Pseudo Random Number Generator Secret Key

Key Generator

Figure 2.1: A typical model of modern symmetric key Crypto-systems Lu et al. [Liu and Sun, 2009] proposed a spatial chaos-based image encryption scheme, which is a permutation and substitution based algorithm. Their scheme has passed through differential attack. Akhavan et. al. [Akhavan et al., 2006] proposed an image encryption algorithm based on one-dimensional polynomial chaotic maps. This scheme consists of two major steps, pixel permutation followed by XOR on the permuted data. In this scheme, they used one-parameter families of chaotic map to generate random sequences. Jan et al. [Cong et al., 2006] proposed a wavelet packets watermarking algorithm based on chaos encryption. In this scheme, the watermark data is converted to a bit stream and a random bit sequence is generated by chaotic map. Both the bit sequences are XORed to obtain the encrypted watermark. Finally, the encrypted watermark is embedded onto the image. Chong et al. [Fu et al., 2007] proposed an improved chaos-based image encryption scheme in which three logistic maps with a nonlinear transformation. The scheme demands to enlarge the keyspace, extend the period and improve the linear complexity. Wei et al. [Wei-bin and Xin, 2009] proposed an image encryption al-

2.4. A COMPARATIVE STUDY ON CRYPTOGRAPHIC IMAGE SCRAMBLING45 gorithm based on Henon chaotic system. Zhang et. al. [Yuan-Biao and De, 2009] proposed an image encryption and sharing algorithm based on chaos and indeterminate equation. Zhang and Zhao [Zhang and Zhao, 2013] proposed a chaos-based image encryption with total shuffling and bidirectional diffusion. Firstly, they have permuted the image and then applied diffusion in both forward and backward direction to achieve a good label of security. In [Hua et al., 2015], the authors have proposed a permutation-diffusion based encryption system based on a new 2D sine logistic modulation map. In the permutation stage, the scheme needs to generate a random matrix of same size of the plaintext image. Then the elements of the random matrix are sorted. The same sequence of shifting that is used to sort the elements of the matrix is also used to permute the plaintext image pixels. Hence, the scheme has an extra computational overhead of sorting a matrix of size of the plaintext image. In [Wang et al., 2015], the authors have proposed a permutation-diffusion based image encryption algorithm, which uses chaotic cat map with logistic map and dynamic random growth for generating pseudo random sequences. This scheme splits the plain image into blocks for permutation, and then again rearranges to generate the cipher image. In [Yavuz et al., 2016], the authors proposed an algorithm, which generates two pseudo random sequences using chaotic logistic map. The first sequence is used to permute the pixels, and second sequence is used to apply XOR and circular rotation for diffusion part.

2.4

A Comparative study on Cryptographic Image Scrambling

Scrambling is widely used in encryption algorithms [Mondal et al., 2015, Mondal et al., 2013, Mondal et al., 2016] for adding confusion. Scrambling refers to the


46

permutations of pixel values or permutation of bit values in a bit plane. The main purpose of scrambling is to transform a plain image into a meaningless noise and eliminate the high correlation between adjacent pixels. Various image scrambling techniques are used in pay-TV, defense purposes, medical domain, private video conferencing and various other applications [Zou et al., 2004, Radu et al., 2014]. In [Abd-El-Hafiz et al., 2016], the authors claimed a comparison of six scrambling methods. But they have kept the scrambling procedure same with six different random matrix generators. Further, in [Abd-El-Hafiz et al., 2016] authors proposed two new permutation measures 1 . This paper presents a comparative study of some popular cryptographic image scrambling methods like generalized matrix-based scrambling (transformation) [Li, 2008] using Arnold’s transform [Abbas, 2016] and Fibonacci transform [Zhou et al., 2012], gray code with bit plane transformation [Zhou et al., 2015], 2D mapping [WANG and WANG, 2012], key based row and column shifting [Premaratne and Premaratne, 2012, Mondal and Mandal, 2017] and a key based row and column shifting with bitlevel permutation proposed by Fu et al. [Fu et al., 2011b]. Here it should be noted that all the algorithms compered in this section use a common pseudo random number generator based on LFSR for different scrambling techniques. In [Abbas, 2016], matrix based scrambling is done based on Arnold’s cat map which is a chaotic map named after Vladimir Arnold who proposed the algorithm. The scrambling using Arnold’s cat map is also known as Arnold’s Transformation. The matrix based scrambling is also done based on Fibonacci transform [Zou et al., 2004]. This transform [Zhou et al., 2012] has a unique property of uniformity. The pixels that are at equal distance from each other in original image remain at equal distances in the encrypted image as well. The adjacent pixels are also spread 1 This section is accepted for publication as “Bhaskar Mondal, Neel Biswas, Tarni Mandal, “A Comparative study on Cryptographic Image Scrambling”, Second International Conference on Research in Intelligent and Computing in Engineering (RICE’17) , Proc. by ANNALS of Computer Science and Information Systems, ISSN- 2300-5963, ISSN: 1319-1578, 2016, Institute of Technology, Uttarakhand, India, 24-26 March 2017.”

2.4. A COMPARATIVE STUDY ON CRYPTOGRAPHIC IMAGE SCRAMBLING47 as far as possible resulting very low correlation between the adjacent pixels. A quantum image gray-code with bit-plane (GB) scrambling is presented in [Zhou et al., 2015, xin Chen et al., 2015]. It is one of the famous image scrambling techniques. It is used as a basic step in many encryption algorithms [Zhou et al., 2013]. In [Zhou et al., 2015], the values of higher bit planes are XORed with the lower bit planes. The value of lowest bit plane be fixed. Another image scrambling method based on 2D chaotic mapping is presented in [Yanling, 2009]. This method uses chaotic map due to its pseudo-randomness, aperiodicity, and being sensitive to change with respect to initial conditions for scrambling. It is also used in scrambling of large amount of data such as video, audio, etc [Alwahbani and Bashier, 2013]. The watermark information of the image is embedded in the amplitude spectrum by 2D mapping. Key based scrambling for secure image encryption is used in [Premaratne and Premaratne, 2012, Mondal and Mandal, 2017, Liu et al., 2016c] based on row and column swapping . Using this random sequence, the rows of the image are swapped. Similarly, the columns are swapped. Further, circular shifting of the rows and columns are done using the same sequence. Another scheme [Zhou et al., 2014] involved row and column shifting with prediction error clustering for image encryption then compression (ETC) scheme. In [Liu et al., 2016c, Parvin et al., 2014], the row and column shifting method is used for permutation of pixels. A novel chaos-based bit-level permutation scheme is used in [Fu et al., 2011a, Fu et al., 2011b], in which the image is extended to bit plane binary image. Chebyshev chaotic map is used to generate random sequences. The rows are permuted according to the random sequences. Further, the columns are shifted according to the same random sequences. Then, the extended image is divided into 8 blocks of equal sizes and again permutation is applied on each block using generalized Arnold Cat map. The blocks are then merged to obtain the cipher image [Jolfaei et al., 2016]. In [Li et al., 2017], the pixel-level permutation and bit-level permutation are


48 used for image encryption.

Entropy, computational complexity correlation between the original image and the encrypted image, and correlation between the current pixel and horizontal, vertical pixel and diagonal pixels are used as parameters for comparing the scrambling techniques.

2.4.1

Generalized Matrix-based Scrambling (Transformation)

The general model for generalized matrix-based scrambling is expressed by the Eq. 2.1: , k ∈ Z+ Vk = AVk−1 mod N

(2.1)

In Eq. 2.1, A is a matrix of size n×n, known as scrambling parameter matrix. All the elements of A are non-negative integers such that det(A) = 0, Vk , Vk−1 , N are n × 1 vectors and 0 < vi,j ≤ Nj−1 for i = k − 1, k and j = 1, 2, . . . , n assuming = (N1 N2 ...Nn ) is the Vk−1 = (Vk−1,1 Vk−1,2 ...Vk−2,n ) and Vk = (Vk,1 Vk,2 ...Vk,n ) , N module vector in which Nj are positive integers representing the upper limit of the corresponding vij = (i, j = 1, 2...) . The scrambling time of the image is denoted by a positive integer k and Z+ denotes the set of positive integers. The case with equal module is defined as equi-modulo transformation, i.e., = (N1 N2 ...Nn ) , then Eq. 2.1 can be transformed into Eq. 2.2: N Vk = AVk−1 mod N, k ∈ Z +

(2.2)

Matrix based Image Scrambling using Arnold Transform Cat map, which is also known as Arnold transform, was proposed by V. I. Arnold in ergodic theory. A process of splicing and clipping which realigns the digital image matrix is called transform. The 2D Arnold transform is an invertible map described

2.4. A COMPARATIVE STUDY ON CRYPTOGRAPHIC IMAGE SCRAMBLING49 by Eq. 2.3

xn+1 yn+1

=

11 12

xn yn

mod 1

(2.3)

where (xn , yn ) ∈ [0, 1) × [0, 1).

It can be applied to scramble digital images of N × N size by the discrete form as used Eq. 2.4:

xn+1 yn+1

=

11 12

xn yn

mod N

(2.4)

where (xn , yn ) ∈ [0, N −1]×[0, N −1] is the pixel coordinate of the plain image, N ×N is the dimension of the input plain image, and (xn+1 , yn+1 ) is the new coordinate for pixel in the resulting image. This method scrambles the pixel positions for a numbers of times to scrambled the image well enough [Abbas, 2016]. The Scrambling process: each pixel I(i, j) ji ← 11 12 ji I (i, j) ← I(i, j) where I(i, j) is original image and I (i, j) is the scrambled image.

Matrix based Image Scrambling using Fibonacci Transformation Fibonacci series is a special series named after nineteenth-century mathematician Leonard Fibonacci. The following series is called Fibonacci series: 1, 1, 2, 3, 5, 8, . . . , Let X and Y be two adjacent Fibonacci numbers, X = F (n), Y = F (n + 1). Then, F (n + 2) = X + Y . The transformation is known as the Fibonacci Transformation [Zhou et al., 2012] which is represented by Eq. 2.5 :

1 1 x x = mod N y 1 0 y where x, y ∈ {0, 1, 2, 3 . . . , N − 1}. The Scrambling process:

(2.5)


50 each pixel I(i, j)

I J

←

1 1 i 1 0

j

I (I, J) ← I(i, j)

where I(i, j) is original image and I (I, J) is the scrambled image.

2.4.2

Quantum Image Gray Code and Bit Plane Scrambling

Novel enhanced quantum representation (NEQR) [Zhang et al., 2013], which is based on Flexible Representation of Quantum Image (FRQI), is a splendid representation for a quantum image. As per the NEQR model, a gray scale quantum image can be represented as Eq. 2.6

|I =

n

n

n

n

2 −1 2 −1 1 |f (X, Y ) |XY

n 2 x=0 y=0

2 −1 2 −1 1 q−1 i = n C |XY

⊗ 2 x=0 y=0 i=0 i=0

(2.6)

where |I stands for a image of dimension 2n × 2n with 2q gray range. Then, the gray value of the pixel f (X, Y ) is encoded by a binary sequence, described by the Eq. 2.7 [Zhou et al., 2015, xin Chen et al., 2015]. q−2 q−1 0 1 k CXY . . . CXY CXY , CXY ∈ [0, 1], f (X, Y ) = CXY

(2.7)

f (X, Y ) ∈ [0, 2q − 1] The Scrambling process: The first operation performed on the image is bit plane slicing. Bit plane information rule states that high bit planes contain most of the information (50.19% information of the pixel is contained in the 8th bit plane) while the lower bit planes contain less information (0.003% information of the pixel is present in the 0th bit plane). According to this rule, the basic GB technique incurs the Gray-code transformation in reverse order i.e. 0th bit plane is kept fixed. The basic GB scrambling is denoted by Eq. 2.8. The process is represented in Fig.


52

from 1 to 8 represent the bit planes. The gates used here is Controlled NOT (CNOT) gate .

2.4.3

Image Scrambling based on 2D mapping

Let us consider the plain image A of dimension (M × N ), where M represents the height, and N represents the width of the image. The pixel value of any coordinate (i, j) is expressed by A(i, j), where i = 0, 1, 2, . . . M − 1 and j = 0, 1, 2, . . . N − 1. The dimension of the scrambled image I remains as M × N [Yanling, 2009]. The Scrambling process: Step1: Generate a two dimensional random sequence R(i, j), (i = 0, 1, 2, . . . M − 1; j = 0, 1, 2, . . . N − 1). Step2: Since XOR operation is reversible in mathematics, it may be used to realize the counter operation of an algorithm. Chaos sequence R is used to obtain new pixel values for image A1 from the plain image A’s pixel values using A1 (i, j) = A(i, j) ⊕ R(i, j). Step3: The final encrypted image E is obtained by changing the pixels of A1 . For this purpose, a symmetric mirror transformation is applied on A1 vertically as well as horizontally. Eq.

2.9 describes a horizontal (left-right) mirror trans-

formation, which results in an intermediate transformed image A2 . Finally A2 is transformed vertically (top down) using Eq. 2.10 to produce E.

A2 (i, j) =

⎧ ⎪ ⎪ ⎨A1 (i, N − j + 2)

mod (j, 2) = 0

⎪ ⎪ ⎩A1 (i, j)

mod (j, 2) = 1

E(i, j) =

(2.9)

⎧ ⎪ ⎪ ⎨A2 (M − i, j)

mod (j, 2) = 1

⎪ ⎪ ⎩A2 (i, j)

mod (j, 2) = 0

(2.10)

2.4. A COMPARATIVE STUDY ON CRYPTOGRAPHIC IMAGE SCRAMBLING53

2.4.4

Key based Scrambling by Row and Column Shifting

Key based scrambling algorithm is a very effective and simple method of image scrambling and encryption. In this method, the user specifies a ‘key’ that forms a sequence of two pseudo random numbers R1 and R2 as described in Algorithm 1. [Liu et al., 2016c]. generate a key sequence of size equal to maximum dimension of image use key sequence switch rows

to

Input Image

use key sequence to switch columns

use key sequence to shiift rows circularly

use key sequence to shift column circularly

Output image

Figure 2.4: Flow chart of Key based scrambling [Premaratne and Premaratne, 2012]

Encryption in this method is key-based and subsequently a scrambled image is generated. The method is shown in Fig. 2.4.

2.4.5

Fu et al. Scheme

Fu et al. [Fu et al., 2011b] proposed a scheme using chaos based bit permutation. The scheme performs shuffling in two steps, first using a chaos sequence based on Chebyshev chaotic map and second using generalized Arnold transform. The scheme


54

Algorithm 1 The Scrambling process: 1: procedure ScramblingKey 2: I = ReadP lainImage() 3: M = rows(I) 4: N = columns(I) 5: R1, R2 are random matrix 6: for i = 0 to M do 7: Ir = Cyclic shift the ith row to right with step size R1i 8: end for 9: for i = 0 to N do 10: Ic = Cyclic shift the ith column of Ir to right with step size R2i 11: end forreturn Ic 12: end procedure

is successful in generating a secure image cipher. The steps are as follows:

1. Extend the image of size M × N to M × N × 8 bit plane binary image. 2. Generate the chaotic sequences S0 and S1 of size M and N × 8 respectively using Chebyshev chaotic map in Eq. 2.11. x(n+1) = Tl (xn ) = cos(l. cos−1 xn ),

(2.11)

xn ∈ [−1, 1], l ∈ [2, ]

3. Permute the rows of the binary image using sequence S0 .

4. Permute the columns of binary image using sequence S1 .

5. Now, Divide the binary image into 8 blocks of equal size.

6. Permute each block with generalized Arnold cat map (in Eq. 2.4) k times.

7. Marge the blocks left to right to recover the pixel plane and further generate the Cipher Image.


(a) Airplane: Original test image 1

(b) Scrambled by Arnold’s transformation

(c) Scrambled by Fibonacci transformation

(d) Scrambled by gray code with bit plane scrambling

(e) Scrambled by 2D mapping

(f) Scrambled by key based row and column shifting

(g) Scrambled by key based row and column shifting with bit plane scrambling

Figure 2.5: Results of scrambling using different scrambling techniques on Airplane image: Original test image 1


56

2.4.6

Comparative Study and Results

Four images namely test image 1 in Fig. 2.5(a), test image 2 in Fig. 2.6 (a), test image 3 in Fig. 2.7 (a), test image 4 in Fig. 2.8 (a) were taken for experiment. Each of these images were scrambled using six different methods. The subfigures (b), (c), (d), (e), (f), and (g) in the corresponding figures are obtained respectively by applying the methods (i) Arnold’s transformation, (ii) Fibonacci transformation, (iii) gray code with bit plane transformation, (iv) 2D mapping, (v) key based row and column shifting method, and (vi) key based row and column shifting method with bit plane.

Entropy Analysis

Entropy is the measure of randomness and unpredictability in an image. It measures the randomness in the frequency of occurrence of pixels with different intensities present in the image. A small value of entropy demonstrates high statistical correlations and repetition of same values or keys, which is the weak point for statistical cryptanalysis. In contrast, a high value of entropy indicates a less predictable key and high randomness. A good cipher has an entropy closer to 8.

H=−

N −1 2

pi log2 pi

(2.12)

i=0

Comparative Computational Complexity

The Comparative numbers of operation are presented in Table 2.1. Where k stands for number of iterations of Arnold, Fibonacci transform, Gray bit plane scrambling.


(a) Baboon: Original test image 2



(d) Scrambled by gray code bit plane scrambling




Figure 2.6: Results of scrambling using different scrambling techniques on Original test image 2 (Baboon image)


58

(a) Lena: Original test image 3







Figure 2.7: Results of scrambling using different scrambling techniques on Original test image 3 (Lena image)


(a) Peppers: Original test image 4







Figure 2.8: Results of scrambling using different scrambling techniques on Original test image 4 (Pappers image)


60 Scheme ArNumberld’s transformation Fibonacci transformation gray code with bit plane transformation

Operation Number of mod operations M × N × k ; Number of swap operations M × N × k Number of mod operations M × N × k ; Number of swap operations M × N × k Number of xor operations M × N ; Number of mod operations M × N × 2; Number of copy operations 3×M ×N 2D mapping Number of XOR operations 7 × M × N × k row and column shifting Number of swap operations M × N + N × M = 2×M ×N ; Worst Case Number of shift operations max(M, N ) × M + max(M, N ) × N row and column shifting Number of swap operations M + N × 8 + M × N × with bit plane scrambling 8 × k; Number of mod operations M × N × 8 × k Table 2.1: Comparative results of operation

Correlation Coefficient

It is the degree of relationship between the same pixels of the original and the encrypted image. It is calculated by the formula given in Eq. 2.13: |(Amn − A)(Bmn − B) r = m n (Amn − A)2 (Bmn − B)2

(2.13)

where A and B are the original and the encrypted images, respectively and A and B are their means. A low value of the correlation coefficient indicates a good quality of the encryption system. The tested values are presented in Table 2.2. Scrambling is one of the most important part of confusion-diffusion based image encryption. A huge number of scrambling techniques are available in the literature. Therefore, choosing the correct scrambling method for an encryption scheme becomes the most crucial factor. The performance of an encryption scheme largely depends on the scrambling technique. In this section, a comparative study on different cryptographic scrambling techniques is presented. Correlation coefficient, entropy and computational complexities are compared in by simulating and testing them on four images.


Test image

Airplane image

Baboon image

Lena image

Peppers image

Parameters Arnold’s Transformation

Fibonacci Transformation

Gray code bit plane

2D mapping

row and column shifting

Correlation Horizontal Vertical Diagonal Entropy Correlation

0.0117 0.4942 0.3451 0.3485 6.7025 0.0097

0.0505 0.3177 0.3573 0.3008 6.7025 0.0485

0.0443 -0.0553 -0.0538 -0.0550 0.8236 0.0033

0.0954 0.1691 0.6425 0.1917 6.7780 0.0569

row and column shifting with bit plane scrambling 0.0016 0.0298 0.0056 0.0089 7.9368 0.0017

0.3120 0.2215 0.0296 7.2673 3.1170e05 0.6513 0.4783 0.2036 7.4455 0.0228 0.5906 0.3675 0.1561 7.5937

0.0485 0.0556 0.2883 3.6133 0.0091

0.0446 0.0722 0.0346 7.2673 0.0423

0.0612 0.3780 0.0087 7.1782 0.0139

0.0481 0.0160 0.0090 7.9523 0.0021

0.1307 0.1676 0.1323 7.4455 0.0022 0.1134 0.0556 0.0834 7.5937

0.0626 0.0660 0.0667 0.7.691 0.0380 -0.0434 -0.0405 -0.0521 0.8415

0.0646 0.6749 0.0680 7.4677 0.0217 0.0252 0.6936 0.0345 7.6438

0.0199 0.0165 0.0158 7.9976 0.0011 0.0114 0.0050 0.0398 7.9966

Horizontal Vertical Diagonal Entropy Correlation Horizontal Vertical Diagonal Entropy Correlation Horizontal Vertical Diagonal Entropy

0.0015 -0.1114 -0.0733 0.0278 6.7025 4.5970e04 0.0979 0.1232 0.1051 7.2673 2.4868e05 0.0327 -0.0875 0.1963 7.4455 -0.0110 0.0979 0.0175 0.1066 7.5937

Table 2.2: Comparative results of correlations and entropy. (Correlation between current pixel and horizontal/diagonal/vertical pixel is found by choosing 1000 random pixels)


62

2.5

Chaotic Maps and Encryption

Cryptography is largely dependent on random number generator. However, a system generated random numbers are pseudo-random numbers, which mostly depend on a seed. Though random number generated through this technique is not easier to guess but if a large set of output is studied and algorithm is known then guessing of initial seed is not a hard job. Here chaos theory comes into play. Using a chaos theory, a large set of random number can be generated which can be used for encryption purpose. In [Fridrich, 1997], the authors proposed a first work on image encryption based on chaotic maps. The chaotic system is a nonlinear deterministic system. It has a variety of characteristics such as high sensitivity to initial conditions, deterministic, and ergodicity. The chaotic maps often generate highly complex pseudo random sequences, which are difficult to predict or analyze [Parker and Chua, 1987, Wu and Rul’kov, 1993]. This provides high security to the encryption algorithms. In [Han et al., 2003], the authors proposed an image encryption algorithm based on chaotic system in which the authors used 1D Logistic map to decompose the image first and then shuffled the decomposed image using 2D Hanon map. So the image was insecure on differential and statistical attack. In [Hermassi et al., 2011], the authors proposed an improvement of image encryption algorithm based on hyper-chaos. In [Li et al., 2012], the authors demonstrated the weakness of chaotic-map based color image encryption algorithm by successful chosen-plaintext attack and chosen-ciphertext attack.

In [Wang and

Liu, 2013], the authors performed cryptanalysis of a parallel sub-image encryption method with high-dimensional chaos. In [Wang et al., 2011], an image blocks encryption algorithm based on spatiotemporal chaos is presented and in [Wang et al., 2010a], another chaotic encryption algorithm based on alternate of stream cipher and block cipher is proposed.In [Cho and Miyano, 2015], a chaotic cryptography using augmented Lorenz equations aided by quantum key distribution was proposed. In

2.6. ENCRYPTION IN FREQUENCY DOMAIN

63

[Hua et al., 2015], the authors proposed another image encryption scheme based on 2D sine logistic modulation map. In [Cho and Miyano, 2015], the authors proposed a chaotic cryptographic scheme using augmented Lorenz equations with quantum key distribution. In [Niyat et al., 2017], the authors proposed a non-uniform cellular automata framework for color image encryption. The color image is divided into red, green, and blue components. Then a three-dimensional Arnold mapping is repeated to demise the relations between pixels, which uses six random sequences to replace the rows and columns of each color component. In [Li et al., 2012], the authors successfully demonstrated the weakness of chaotic map based color image encryption algorithm against chosen-plaintext attack and chosen-ciphertext attack.

2.6

Encryption in Frequency Domain

In [Cong et al., 2006], the authors proposed a wavelet packets watermarking algorithm based on chaotic encryption algorithm. In this scheme, the watermark data is converted into a bit stream and a random bit sequence is generated by chaotic map. Both the bit sequences are XORed to obtain the encrypted watermark. Finally, the encrypted watermark is embedded onto the image. In [Han et al., 2007], the authors proposed a fingerprint protection scheme using 2D multi-scroll attractors based pseudo-random sequence. In this scheme, all the initial parameters are generated from a binary fingerprint data. In [Wang et al., 2010b], the authors proposed an image encryption scheme based on high-dimension Lorenz chaotic map and perception model within a neural network. In [Mosa et al., 2010], the authors proposed an encryption of speech signal with multiple secret keys in time and transform domains. In [Bhatnagar and Wu, 2012, Bhatnagar and Wu, 2014b], authors proposed schemes to protect fingerprint data based on fractional wavelet packet transform (FrWPT) and chaotic map. Further, in [Bhatnagar and Wu, 2014a], the authors proposed a scheme for biometric image encryption which uses FrWPT, chaotic map and Heisenberg decomposition due to which the algorithm has very high computa-


64

tional overhead and is not suitable for large image encryption.

2.7

Cryptographic Steganography

Steganography is the practice of concealing messages or information within other non-secret text or media. It has been proposed as a technique of transmitting data (image) by embedding into a media (image, audio or video), which acts as a cover. So, the steganography techniques conceal the existence of secret data (image) from the undesired users. Earlier several steganography schemes [Cheddad et al., 2010, Bilal et al., 2013] have been proposed in literature for transmission of secret image. One of the most commonly used techniques is LSB substitution, [Mondal and Singh, 2013] as it has lower computational complexity and higher hiding capacity. In [Wu et al., 2015], a steganography scheme using G.729 bit stream and matrix coding with interleaving is presented. Recently, a trend is notable that secret data is encrypted before embedding onto the cover image[Zhou et al., 2016] which adds extra computational overhead to the steganography schemes. In [Sharma et al., 2016], authors presented a servery on hiding text message.

2.8

Cryptographic Watermarking

Various watermark algorithms [Zhang et al., 2009, Wei et al., 2012] are proposed to meet the demand. Watermarking may be applied on image, audio or video. A good watermark technique must protect the watermark data from noise and signal deformation. In [Zhou and guo Shi, 2012, Katariya, 2012] the authors identified that the properties of a good watermark technique are imperceptibility, robustness and safety. In [I. J. Cox and Shamoon, 1997], the authors proposed an non-oblivious watermark technique. A private or non-oblivious watermark technique uses the

2.8. CRYPTOGRAPHIC WATERMARKING

65

original signal for the detection of watermark. On the other hand, in [O’Ruanaidh and Pun, 1997] [Nikolaidis and Pitas, 1998, Lin et al., 2001, Wang et al., 2002], the authors proposed some oblivious or blind methods which do not need the original signal for the detection of watermark. Watermark techniques may also be classified into two types. One embeds data in the special domain by changing the selected sample [Tefas and Pitas, 2001]. Other works in some suitable transformation domain like DCT [I. J. Cox and Shamoon, 1997, Barni et al., 1998], Discrete Fourier Transformation (DFT) [Solachidis and Pitas, 2001, Ruanaidh et al., 1996], or DWT [Wang et al., 2002, Tsekeridou and Pitas, 2000] modifying the coefficient values. The digital transformation needs to protect the watermark data so that any unauthenticated user will not be able to reveal the original source of the audio and not be able to recognize the watermark as well. In [AL-Nabhani et al., 2015], the authors proposed an enhanced technique for producing watermarked images with high invisibility using discrete wavelet transform with a Haar filter to embed watermark image and probabilistic neural network to extract the watermark image. In [Nematollahi et al., 2015], the author proposed a blind speech watermarking technique, in which each frame of the speech was transformed by applying DWT. Then, the watermark bits were embedded by quantization of Eigen-value to protect from filtering, additive noise, re-sampling, and cropping. In [Najih et al., 2016], the authors proposed robust and transparent watermarking scheme based on counterlet transform and quantization index modulation. In [Karmakar et al., 2016], the authors presented a blind video watermarking scheme, which is resistive to rotation and collusion attacks. It protects the watermark from tampering. In [Bouslimi et al., 2016], the authors have proposed an image watermarking scheme. This process embeds the watermark before encrypting the image as well as after encryption of the image, which enables the system to find the watermark data independent of encrypted or decrypted image. It uses RC4 key stream generator for

66


generating pseudo random sequences and LSB substitution technique for embedding the watermark data.

Chapter 3 A Secure Image Encryption Algorithm using LFSR and RC4 Security of image data is one of the primary concerns with growing multimedia transmission. Confidentiality of image data in the medical, military and intelligence fields is indispensable. Encryption techniques are applied on sensitive image data to ensure its security. This chapter presents a highly secure image encryption algorithm based on the permutation-substitution architecture [Wong et al., 2008]. The proposed algorithm uses a 32 bit Linear Feedback Shift Register (LFSR) [Mondal and Singh, 2013, Wang and McCluskey, 1988] for permutation and RC4 key stream generator for substitution. Statistical analysis of the cipher image produced after performing permutation and substitution show that cipher image is secure enough to be used for image encryption and transmission1 . The rest of this chapter is organized as follows. Section 3.1 describes the preliminaries. Section 3.2 presents the encryption algorithm and section 3.5 presents the security analysis and performance of the algorithm . Finally, a summary of the 1 This chapter was published as “Bhaskar Mondal, Nishith Sinha, Tarni Mandal, “A Secure Image Encryption Algorithm using LFSR and RC4 Key Stream Generator”, Proceedings of 3rd International Conference on Advanced Computing, Networking and Informatics; ICACNI 2015, Volume 1; Publisher: Springer Smart Innovation, Systems and Technologies Series., eBook ISBN: 978-81-322-2538-6, DOI: 10.1007978-81-322-2538-6, pp: 227-238., 2016

67

CHAPTER 3. IMAGE ENCRYPTION USING LFSR AND RC4

68

chapter is given in section 3.7.

3.1

Preliminaries

In this section, LFSR and RC4 key stream generator are discussed in detail, which are used in the encryption scheme.

3.1.1

Linear Feedback Shift Register

LFSR is a shift register whose input bit is a linear function of its previous state. The most commonly used linear function of single bits is exclusive-or XOR. Thus, an LFSR is most often a shift register whose input bit is driven by the (XOR) of some bits of the overall shift register value. The initial value of the LFSR is called the seed. Because the register has a finite number of possible states, it must eventually enter a repeating cycle. However, an LFSR with a well-chosen feedback function can produce a sequence of bits which appears random and which has a very long cycle. Applications of LFSRs include generating pseudo-random numbers, pseudonoise sequences, fast digital counters, and whitening sequences. Both hardware and software implementations of LFSRs are common [Panda et al., 2012, Zadeh and Heys, 2014]. The bits in the LFSR state which influence the input are called taps. A maximum-length LFSR produces an random sequence (i.e. it cycles through all possible 2n − 1 states within the shift register except the state where all bits are zero), unless it contains all zeros, in which case it will never change. The sequence of numbers generated by this method is random. The period of the sequence is (2n − 1), where n is the number of shift registers used in the design. For 32 bit design the period is 4294967295. This is large enough for most of the practical applications. The arrangement of taps for feedback in an LFSR can be expressed in finite field arithmetic as a polynomial of

mod 2. This means that the coefficients


70

dom numbers for substitution. The key stream generation process can be divided into two phases: Key Scheduling Algorithm (KSA) and Pseudo Random Generation Algorithm (PRGA). Executions of the KSA and PRGA phases result in a pseudo-random sequence of numbers which is then used for substitution. The RC4

Σ

Si 0

1

2

Si + Sj

i

Sj j

253 254 255

K Figure 3.2: The lookup stage of RC4. The output byte is selected by looking up the values of S(i) and S(j), adding them together modulo 256, and then looking up the sum in S; S(S(i) + S(j)) is used as a byte of the key-stream K.

algorithm was initially proposed by Ron Rivest in 1987. Today, it is one of the most important stream ciphers widely used in various security protocols such as Wi-Fi Protocol Access (WPA) and Wired Equivalence Privacy (WEP). Popularity of RC4 is mainly because it is fast, utilizes less resources and easy to implement [Lamba, 2010]. RC4 [Weerasinghe, 2013, Kwok and Lam, 2008] is also used extensively for pseudo-random number generation. It takes a secret key as the input and produces a stream of random bits using a deterministic algorithm. This stream of random bits is known as key stream. In the initialization stage the 256-bit state table, S is populated, using the key, K as a seed. Once the state table is setup, it continues to be modified in a regular pattern as data is encrypted. The initialization process can be summarized by the Algorithm 3. It is important to notice here the swapping of the locations of the numbers 0 to 255 (each of which occurs only once) in the state table. The values of the state table are provided. Once the initialization process is completed, the operation process may be summarized as shown by the Algorithm 3 The key stream generation process can be divided into two phases: Key

3.2. THE ENCRYPTION SCHEME

71

Algorithm 2 The initialization process: 1: procedure initRC4 2: for i = 0 to 255 do 3: S[i] := i 4: end for 5: j := 0 6: for i = 0 to 255 do 7: j := (j + S[i]+ key [i mod keylength]) mod 256 8: swap values of S[i] and S[j] 9: end for 10: end procedure Algorithm 3 The initialization process: 1: procedure initRC4 2: i := 0 3: j := 0 4: while GeneratingOutput do 5: i := (i + 1) mod 256 6: j := (j + S[i]) mod 256 7: swap values of S[i] and S[j] 8: K := S[(S[i] + S[j]) mod 256] 9: output K 10: end while 11: end procedure

Scheduling Algorithm (KSA) and Pseudo Random Generation Algorithm (PRGA). Initialization of S-box is done by KSA using a variable length key as the input. Shuffling of S-box values takes place in the PRGA phase. Executions of the KSA and PRGA phases result in a pseudo-random sequence of numbers which is then used for encryption.

3.2

The Encryption Scheme

The proposed algorithm can be divided into two parts- permutation using LFSR and substitution using RC4 key stream generator. Both these parts are described in detail in this section.


72

3.2.1

Permutation

Shuffling of pixel is done in the permutation process with the intent to modify the statistical and visual features of the plain image. A 32 bit seed is given as the input to the LFSR. Implementation of LFSR can be further divided into two phases. In the first phase, permutation of each row takes place while in the second phase, permutation of each column is done.

1. Generate a 32 bit pseudorandom number V . This 32 bit number remains the same for all pixels belonging to a particular row during row permutation phase and then for all pixels belonging to a particular column during column permutation phase. 2. Two numbers,Vr and Vc are obtained from V as in Eq. 3.1, 3.2.

Vr = V mod M

(3.1)

Vc = V mod N

(3.2)

where M is total number of rows in plain image and N total number of columns in plain image 3. If the values of Vr and Vc are same for a given row, then Vr and Vc are XORed with the y and x value respectively of each pixel of a particular row during row permutation and each pixel of a particular column during column permutation to produce Vr and Vc as shown in Eq. 3.3 3.4. Modulus operation is performed on Vr and Vc as follows to produce x and y , as in Eq. 3.5, and Eq. 3.6.

Vr = Vr ⊕ y

(3.3)

Vc = Vc ⊕ x

(3.4)


73

x = Vr

mod M

(3.5)

y = Vc

mod N

(3.6)

4. In the final step of the iteration, value of pixel (x, y) is swapped with value of pixel (x , y ).

5. The above process is repeated for each row during row permutation then for each column for column permutation.

Permutation process produces an intermediary cipher image (I ) which is of the same size as that of the plain image. Substitution is then performed on this intermediary cipher image to produce the final cipher image.

Seed

tap points

K

RC 4

LFSR Plain Image

P

Permutation

XOR

Cipher Image Figure 3.3: Proposed Encryption Algorithm Architecture


74

3.3

Substitution using RC4 Key Stream Generator

Correlation among pixels of the plain image is destroyed by the shuffling of pixels in the permutation process. The output of the permutation process is the intermediary cipher image which is then subjected to substitution using RC4 key stream generator. RC4 key stream generator algorithm can be divided into two parts – Key Scheduling Algorithm (KSA) and Pseudo Random Generation Algorithm (PRGA). KSA makes use of a key to initialize a 256-byte array S. This process is known as the initialization of the S-box. The 64-bit key for the key stream generator is produced using a key generator as follows

1. Total number of pixels K = M × N , in the intermediary cipher image is calculated. 2. Then, the real number P =

1 (K+1)

is calculated where Z can be treated as a 64-

bit binary number and is divided into 8-bit blocks Pi where (i = 0, 1, 2, . . . 7). 3. P0 , P1 , P2 , . . . , P 7 are the eight numbers, each of 8 bits which form the key for the key stream generator.

The key is then used to produce a random permutation of the initialized array S. This marks the end of the KSA phase. Once the array S has been initialized, the key is no longer used. PRGA phase now begins. It produces a random sequence of words from the permutation in S known as the key stream. A sequence of K pseudo random numbers is calculated using the key stream generator, where K is the total number of pixels. The pseudo random number produced for each pixel is XORed with the present pixel value of the intermediary cipher image to produce the pixel value of that particular pixel in the final cipher image.

3.4. DECRYPTION

75

Once, this process of substitution has been completed for all pixels of the intermediary cipher image, the final cipher image is obtained. Graphical representation of proposed algorithm is as given in Fig. 3.4. In the permutation phase, the pseudo random numbers generated from LFSR are XORed with the pixel locations of the plain image to determine the pixel to be swapped, first each row at a time then each column at a time. Similarly, the pseudorandom numbers generated for substitution from the RC4 key stream generator are XORed with the pixel values of the intermediary cipher image to calculate the pixel values of the final cipher image. For decryption, same pseudo-random numbers are generated using the RC4 key stream generator and are XORed with the pixel values of the cipher image to produce the intermediary plain image. Pixel values of the intermediary plain image are the same as those of the intermediary cipher image. Key being the same, the same pseudo-random numbers are then generated from the LFSR which were generated during encryption. These numbers are XORed again with the pixels locations of the intermediary plain image, first each row at a time then each column at a time to determine the pixels for swapping. The image obtained after swapping of pixels is the plain image, completing the decryption process.

3.4

Decryption

The decryption process is presented in Fig.

3.4. It’s the inverse process of the

encryption process. The decrypted data is identical with the plaintext and no loss of data is observed. The decryption process shown in Fig. 3.4 can be described in following steps:

1. It needs the set of keys (K, P, S, T ), that was used for encryption. 2. (K, P ) will be used for generating a pseudorandom sequence R1 using RC4. 3. (S, T ) will be used for generating another pseudorandom sequence R2 using


76 LFSR.

4. First the ciphertext image Ie is XORed with R1 to obtain a intermediate image Ie . Then 5. Ie is inverse shuffled using R2 to obtain the decrypted image I.

K

Seed

P

LFSR

RC 4 Cipher Image

tap points

XOR

Inverse Permutation

Plain Image Figure 3.4: The decryption process for the encryption scheme

3.5

Experimental Results

In this section, we establish the effectiveness of the proposed algorithm with two test images. Simulation results show that the visual characteristics of the cipher image are completely altered, thereby ensuring confidentiality of the image. Here two images are use as test cases. The first test image in Fig. 3.5, is an image of size 256 × 192. The seed given to LFSR for permutation is 6571423141. For substitution, the key for the RC4 key stream generator is produced using the

3.5. EXPERIMENTAL RESULTS

77

key generator. The value of N = 49152 and Z = 2.0345 × 10−5 for the first test image. In the second test image in Fig. 3.10, we use an image of size 256 × 256 pixels. The seed given to LFSR for permutation is 87253141. For substitution, the key for the RC4 key stream generator is produced using the key generator. The value of N = 65536 and Z = 1.5258 × 10−5 for the second test image 2.

Figure 3.5: Plaintext image 1 for test

Figure 3.6: After permutation image 1

78


Figure 3.7: Encrypted Image 1

Figure 3.8: Histogram of Plaintext image 1

3.6

Security Analysis of Test Results

One of the most important characteristics of any encryption algorithm is that it should be resistant to most of the known attacks. In this section, we establish the robustness of the proposed algorithm against statistical, differential and brute force attacks.

3.6. SECURITY ANALYSIS OF TEST RESULTS

Figure 3.9: Histogram of image 1

Figure 3.10: Plaintext test image 2

79

80


Figure 3.11: After permutation test image 2

Figure 3.12: Encrypted test image 2

3.6.1

Histogram Analysis

Image histogram exhibits the nature of distribution of pixels in an image. If the histogram of the encrypted image is uniform, the encryption algorithm is considered


81

Figure 3.13: Histogram of test image 2

Figure 3.14: Histogram of encrypted test image 2 to be more resistant to statistical attacks. Fig. 3.8 and Fig. 3.9 show the histogram of the plain image and the cipher image respectively of test image 1, while Fig. 3.13 and Fig. 3.14 show the histogram of the plain image and the cipher image respectively of test case 2. It is evident that the distribution of pixels in the cipher image is

82


uniform and is significantly different from that of the plain image establishing that the proposed algorithm is resilient against statistical and differential attacks.

3.6.2

Correlation Analysis

Correlation between adjacent pixels of an image is an objective measure of the efficiency of encryption. Plain image has strong correlation between adjacent pixels. It is desired that the encryption algorithm removes the strong correlation in order to be resistant to statistical attacks. Correlation property can be computed by means of correlation coefficients as in Eq. 3.7:

Cov(x, y) σ x × σy

r=

V AR(x) =

N 1 (xi − E(x))2 N i=1

σx = σy = Cov(x, y) =

V AR(x)

V AR(y)

N 1 (xi − E(x))(yi − E(y)) N x=1

(3.7)

(3.8) (3.9) (3.10) (3.11)

where E(x) and D(x) are expectation and variance of variable x respectively. Coefficient of correlation for the cipher image in test image 1 is 8.138 × 10−4 and test image 2 is 1.274 × 10−5 . Coefficient of correlation was calculated for a number of images encrypted using the proposed algorithm. The values obtained were roughly in the range of −8.756 × 10−4 to 0.00397. This implies that the cipher images obtained using the proposed algorithm have fairly low correlation coefficient making the algorithm resistant towards statistical attacks.


3.6.3

83

Key Sensitivity Analysis

The system is very sensitive to the initial conditions which form the cipher key for the encryption/decryption process. Certain tests were performed to examine the sensitivity of the key. If we increase the value of x0 by −1e10 in the decryption process, then the decrypted image is changed completely and becomes unrecognizable.

3.6.4

Chosen Plaintext Attack and Differential Cryptanalysis

Differential attacks is the study of how differences in an input can affect the resultant difference at the output. Attackers take a pair of images which differ in small magnitude and then generate their cipher images from the same algorithm. Then they compare the two encrypted images, hoping to detect statistical patterns in their distribution. There are two methods used to find performance against differential attacks [Biham and Shamir, 2012, Hermassi et al., 2011]. Let C1 and C2 be two different cipher-images whose corresponding plaintext images differ by only one bit. Label the gray scale value of the pixel at coordinates (i, j) in C1 and C2 by C1 (i, j) and C2 (i, j) respectively. Define an array, D of the same size as images C1 and C2 . Then D(i, j) is determined by ⎧ ⎨ 0 D(i, j) = ⎩ 1


Number of pixel change rate (NPCR) : It measures the percentage of different pixels between two cipher images whose plane images have only one pixel difference [Wu et al., 2011]. Larger value (≈ 100%) reflects better quality of encryption. NPCR is calculated using Eq. 3.12


84

i,j D(i, j) × 100% M ×N

N P CR = U ACI =

C1 (i, j) − C2 (i, j) 1 × 100% M × N i,j 255

(3.12) (3.13)

Unified Average Changing Intensity (UACI) : It measures the average intensity of differences between two cipher images [Wu et al., 2011]. UACI is calculated using Eq. 3.13. where D(xi , yi ) = 0 if xi = yi and D(xi , yi ) = 1 if xi = yi . NPCR value for test case 1 is 0.9958 while the same for test case 2 is 0.9956. NPCR value was calculated for a number of images encrypted using the proposed algorithm. The higher value of N P CR (nearly 100%) and U ACI demonstrate good quality of encryption.The values obtained were roughly in the range of 0.9956 to 0.9966. UACI for test case 1 is 0.2742 while the same for test case 2 is 0.1957. UACI value was calculated for a number of images encrypted using the proposed algorithm. The values obtained were roughly in the range of 0.19 to 0.27.

3.6.5

Information entropy

Information entropy is the degree of the uncertainty associated with a random event. It tells us the amount of information present in the event. It increases with uncertainty or randomness. It finds its application in various fields such as statistical inference, lossless data compression and cryptography. The entropy H(m) of m can be calculated as in Eq. 3.14:

H(m) =

L−1 0

p(mi ) log2

1 p(mi )

(3.14)

where L is the total number of symbols, mi ∈ m and p(mi ) is the probability of symbol mi . In case of a random gray scale image, H(m) should theoretically be equal to 8 as there are 256 gray levels. Information entropy value for the cipher

3.7. SUMMARY

85

image in test image 1 is 7.9536 and test image 2 is 7.9569. The values obtained were roughly in the range of 7.9536 to 7.9591 on random image test.

3.6.6

Key Space Analysis

The proposed algorithm uses a 32-bit seed for permutation and a 64-bit key for the substitution using a key generator. Thus the key space for the proposed algorithm is 292 . Experimental results also validate that the suggested algorithm is highly sensitive to the secret key. Even a slight change to the secret key causes a substantial change to the cipher image formed. Hence, we can state that the proposed algorithm is resilient to brute force attacks.

3.7

Summary

This chapter presents a novel image encryption algorithm based on the permutationsubstitution architecture. In the proposed algorithm, LFSR is used for permutation. It takes a 32-bit seed as input and generates 32-bit pseudorandom number. Shuffling of pixels of the plain image takes place based on the generated pseudo-random number forming the intermediary cipher image. In the substitution phase, a 64-bit key is generated using a key generator which is fed to the RC4 key stream generator. Key stream is then used to alter the pixel values on the intermediary cipher image to form the final cipher image. The results shows that the visual characteristics of the plain image are completely altered ensuring confidentiality of the plain image. Various security analysis were performed on the cipher image. The results of these security tests proved that the algorithm is resistant towards statistical, differential and brute force attacks.

86


Chapter 4 A Chaos based Secure Image Encryption Algorithm This chapter presents an image encryption technique based on 2D standard chaotic map and basic bit operations. The proposed encryption scheme may roughly be divide into three parts, the random number generator, permutation, and diffusion. The 2D standard chaotic map is used to generate the random number sequences required in permutation and diffusion. The algorithm uses the basic bit wise operation for diffusion of the pixels. As the chaotic map and bit wise operation both run on very low computational overhead, the overall scheme becomes a lightweight process1 . In the next section, the proposed encryption algorithm is discussed followed by the security analysis and performance of the algorithm in Section 4.2. Finally, in Section 4.3, the summary of the chapter is presented.

1 This chapter is outcome of “Bhaskar Mondal, Tarni Mandal, “A Novel Chaos based Secure Image Encryption Algorithm”, International Journal of Applied Engineering Research (IJAER), ISSN 0973- 4562, Volume 11, pp 3120-3127, 5 Number 2016”

87

88CHAPTER 4. A CHAOS BASED SECURE IMAGE ENCRYPTION ALGORITHM

4.1


The discussed image encryption is a simple and fast process. This section presents an overview of the process that takes place to encrypt an image. The scheme has been presented in Fig. 4.1. The encryption algorithm has been divided into three stages. The three stages are random number generation process, image permutation process, and substitution process. The first stage is the random number generation stage, where two different random number matrices are generated based on a chaotic standard map. The initial condition for the two random number matrices are different. The standard map has been described with its parameter in section 4.1.1. In second stage the pixels of original image is shuffled twice using the random matrix generated in the first stage. First we shuffle the image once and take the transpose of the one round permuted image. Then the transpose image is permuted for the second time. The third and the final stage of the encryption process is the substitution stage where the pixels in the permuted image are substituted using a combination of simple matrix manipulations and a digital circuits. This logical circuit has been explained in detail in the in section 4.1.3 along with individual functions used in the circuit. This process also requires a new random number matrix. The three stages of the encryption scheme is shown in Fig. 4.1.

4.1.1

Random Number Generation

Using simple chaotic maps, large numbers of random numbers can be generated. A large number of chaotic maps are available and many of them have already been used in the field of cryptography, physics, medical science, etc. For our purpose of image encryption, 2D standard map is used here. The random number generator in the encryption scheme uses the following standard map to generate random bit


89

Figure 4.1: Graphical representation of overall process

sequence. The system of equation is shown in Eq. 4.1. X(1,n+1) = (X(1,n) + K sin Y(1,n) )

mod 2π

Y(1,n+1) = (Y(1,n) + K sin Y(1,n) )

mod 2π

X(2,n+1) = (X(2,n) + K sin Y(2,n) )

mod 2π

Y(2,n+1) = (Y(2,n) + K sin Y(2,n+1) )

mod 2π

(4.1)

The set of initial conditions(X1,0 , Y1,0 , X2,0 , Y2,0 ∈ [0, 2π])and K is a stochastic parameter. The chaotic region in the phase space increases with increase in value of K. The bit sequence from the equations given above is generated in the following

90CHAPTER 4. A CHAOS BASED SECURE IMAGE ENCRYPTION ALGORITHM manner as in Eq. 4.2

H(X2,n+1 , Y1,n+1 ) =

⎧ ⎪ ⎪ ⎨1, if X2,n+1 > Y1,n+1 ⎪ ⎪ ⎩0

(4.2)

if X2,n+1 ≤ Y1,n+1

The above random number generator has been tested with NIST suite (also known as DIEHARD suite) of statistical tests which are considered the most stringent tests suite to detect the characteristics expected of truly random sequence. The results of the tests show that this random number generator is perfect for cryptography and can be used to design stream cipher. This random number generator has been used thrice to generate three random matrices R1 , R2 and R3 , the dimension of all three matrices are same as the image I. Two matrices (R1 and R2 ) are used for the image permutation, while R3 has been used for the image encryption.

4.1.2

Permutation

In this stage, the plaintext image is permuted twice. First permutation is done on the original image I using the first random matrix R1 . The resultant image after . Then the this stage is called Ip1 . This image Ip1 is now transposed and called Ip1

transposed image is permuted again using R2 , which produces the final permuted image I as described in Algorithm 4.

4.1.3

Diffusion

This is final stage of encryption process. The diffusion process starts with XOR operation among the pixels in the permuted matrix itself. During this process, each pixel XORed with its previous pixel. The first pixel in the permuted image is XORed with last pixel of the image. This process is repeated twice producing I . Further, the pixel values of I is substituted. The substitution process can be


91

Algorithm 4 The Scrambling process 1: procedure ScramblingProcess 2: I = ReadP lainImage() 3: for i = 0 to M do 4: for j = 0 to N do 5: x = R(i,j) N 6: x = R(i, j) − (x × M ) 7: if (y == 0) then 8: y=M 9: 10: 11: 12: 13: 14: 15: 16: 17:

end if if (X < 0) then x=x+1 end if I (x, y) = I(i, j); end for end forreturn I end procedure

expressed in the form of a digital circuit shown in Fig. 4.2.

2 bit binary counter S1 S0 (Operation Selector) 4X1

8 bit random number

8X1 d=1/0

(0, 0)

(1,0)

(0, 1)

S2 S1 S0

3 bit binary counter

Operation will applied or not

(1,1) I'(i, j)

2's Complement

bit shift

XOR

1's Complement

Substituted pixel Figure 4.2: A representation of the substitution process with all the function.

92CHAPTER 4. A CHAOS BASED SECURE IMAGE ENCRYPTION ALGORITHM The substitution process is an effective process comprising four bitwise operations which are 2’s complement, bit shift, XOR, and 1’s complement. This makes the encryption process lightweight, stronger and difficult to break. The diffusion process shown in Fig. 4.2 works with the help of the random number matrix R3 generated earlier. The diffusion circuit consists of a 4×1 multiplexer with selection lines (S0 , S1 ). Its output bit determines one of the four bit wise operations. An 8-bit random number element of R3 is passed to an 8 × 1 multiplexer which consists of eight input lines B0 to B7 and one output line. The three selection lines (S0 , S1 , S2 ) of the multiplexer select one bit, say d, out of the eight input bits. The selected bit d together with the output bit of 4 × 1 multiplexer, decide the operation to be performed on the pixel I (i, j). S0 0 1 1 0

S1 1 1 0 0

Operation 1’s complement XOR Shift operation 2’s complement

d=0 no action R3 ⊕ I Shift left no action

d=1 1’s complement R3 ⊕ I Shift right 2’s complement

Table 4.1: Operation selection

It is to be noted that S0 and S1 is same for both the multiplexers. All the rules for the substitution are given in Table 4.1.

4.2

Experimental Results

An encryption technique is only useful if it can sustain attacks from intruders, interceptors or any other form of malicious user. Here the tests were performed on four images. The plaintext images, histogram of plaintext images, and histogram of ciphertext images are shown in Fig. 4.3 (Cameraman image ), Fig. 4.4 (Lena image), Fig. 4.6 (Peppers image ), and Fig. 4.5 (Light House image). Results are tabulated in Table 4.2.


4.2.1

93

Correlation Coefficient Analysis

This test measures the degree of similarity between two variables. The correlation coefficient is expressed by Eq. 4.3.

cov(x, y) where (σx × σy ) N 1 Cov(x, y) = [(xt − E(x))(yt − E(y))] N t=1 CC =

(4.3)

Here x and y are the gray scale values of two pixels in the same place in the plain text and encrypted images. This test measures the similarity between two variables. Correlation coefficient must be close to zero or very low for better encrypted image. Test results are presented in Table 4.2.

4.2.2


Entropy of the source gives idea about self-information i.e. information provided by a random process about itself. It is expressed by Eq. 4.4

H(m) =

N −1 2

i=0

p(mi ) × log2

1 p(mi )

(4.4)

In Eq. 4.4, p(mi) represents probability of occurrence of the symbol. Ideally, its entropy should be 8 bits . Value less than 8 bits incurs certain degree of predictability. For a system to resist entropy attacks, the entropy of the system should be close to ideal values. The calculated values are given in Table 4.2.

4.2.3

Irregular Deviation

A good encryption algorithm should randomize the input pixels values in a uniform manner. This helps to prevent the situation in which some pixels will undergo a


(a) Original test image 1

(c) Encrypted test image 1

(b) Histogram of test image 1

(d) Histogram of encrypted test image 1

Figure 4.3: Test results of test image 1 (cameraman image)

small change from their initial value. If the encryption algorithm treats the pixel values randomly, the statistical distribution of the deviation tends to be a uniform distribution. The irregular deviation measures how much the statistical distribution of histogram deviation is close to uniform distribution. If irregular distribution is close to uniform distribution then the encryption algorithm is said to be good. First the absolute difference of the plain text image and the encrypted image is taken and its histogram, H is calculated. The average value for H is calculated as in Eq. 4.5 and irregular deviation (Id ) by Eq. 4.6. 1 hi 256 i=0 255

MH =

(4.5)


95





Figure 4.4: Test results of test image 2 (lena image)

Id =

255

|hi − MH |

(4.6)

i=0

where hi is the amplitude of the histogram at index i. Thereafter, irregular deviation is calculated as Eq. 4.6. Test results are presented in Table 4.2.

4.2.4

Peak Signal to Noise Ratio (PSNR)

PSNR can be used to evaluate an encryption scheme. PSNR reflects the encryption quality. It is a measurement which indicates the changes in the pixels values between the plaintext image and the ciphertext image. The PSNR is expressed as Eq. 4.7, where M is width and N is the height, P (i, j) is the pixel value of a plain text image at coordinate (i, j), C(i, j) is the pixel value of a ciphered text image at coordinate


(a) Original test image 3 (b) Histogram of test image 2



Figure 4.5: Test results of test image 3 (lighthouse image)

(i, j). Test results are presented in Table 4.2. M × N × 2552 P SN R = 10 × log10 M −1 N −1 2 i=0 j=0 (P (i, j) − C(i, j)) )

4.2.5

(4.7)

Diffusion Characteristics of Cryptosystem

A good encryption system must ensure a good diffusion. This means that if one bit in the plaintext is changed, then ciphered should change completely. Diffusion characteristics of an image encryption algorithm specifies that the output pixels of the ciphered image should depend on the input pixels of the plain text image in a very complex manner. Test results are presented in Table 4.2.


97





Figure 4.6: Test results of test image 4 (peppers image)

4.2.6

Avalanche Effect

A small change is key or plain text should cause significant change in cipher image. Strict Avalanche ensures a minimum 50 bit change in cipher image for 1 bit change in plaintext image. To calculate Avalanche effect, Mean Square Error (MSE) is used as expressed in Eq. 4.8. Let C1 and C2 are two ciphered images with keys differing in a single bit, expressed as Eq. 4.8. Test results are presented in Table 4.2.

M SE =

−1 N −1 M 1 [C1 (i, j) − C2 (i, j)]2 M × N i=0 j=0

(4.8)

98CHAPTER 4. A CHAOS BASED SECURE IMAGE ENCRYPTION ALGORITHM Images Coefficient Correlation Entropy Maximum Deviation Irregular Deviation PSNR Avalanche NPCR (%) UACI (%)

Cameraman Fig. 4.3 −4.89 × 10−4

Lena Fig. 4.4 0.00296

Peppers Fig. 4.6 0.00321

Light House Fig. 4.5 0.00562

7.9971 61779 70022 39.787 88.52 dB 99.30 33.65

7.9967 38052 80566 39.589 88.50 dB 99.61 33.50

7.9968 3.95x104 67510 39.218 88.52 dB 99.56 33.46

7.9958 35528 51664 38.014 88.48 dB 99.58 33.48

Table 4.2: Result of security analysis on four different images

4.2.7

Number of Pixel Change Rate (NPCR):

Let C1 and C2 be two cipher images for two plaintext images which vary in exactly one pixel value. The mathematical formulation is as Eq. 4.9. N P CR =

where D(i, j) =

i,j D(i, j) × 100 W ×H

⎧ ⎪ ⎪ ⎨0, if C1 (i, j) = C2 (i, j) ⎪ ⎪ ⎩1, if Otherwise

(4.9)

(4.10)

It is also defined as variance rate of pixels in the encrypted image caused by the change in the original image. Test results are presented in Table 4.2.

4.2.8

Unified Average Changing Intensity (UACI)

UACI measures the average intensity difference between plain text image and ciphered image. The mathematical formulation is as Eq. 4.11. Test results are presented in Table 4.2. ⎡ ⎤ |C (i, j) − C (i, j)| 1 1 2 ⎣ ⎦ × 100 i, j) U ACI = W ×H 255 (

(4.11)

4.3. SUMMARY

4.2.9

99

Key Space Analysis

The algorithm uses 3 sets of keys in all including the parameters for the standard map used in the random number matrix generator. The values of X1 , Y1 , X2 , Y2 are real numbers which lie between (0, 2). Since there can be infinite real numbers from 0 to 2. the key space for these keys are extremely large and almost impossible to be guessed. Similarly the value of the stochastic parameter K can be real and it has been shown that the chaotic region in the phase space increases with the increase in value of K.

4.2.10

Key Sensitivity Test

The key sensitivity test measures the percentage change in the ciphered image due to 1 bit change in keys for encryption. This test was applied on the cameraman image. Same images were encrypted twice for which there was only a single bit difference in one of the keys. The percentage difference in the two ciphered image was measured to be 99.32.

4.3

Summary

Chaos theory has proven its utilization in a number of fields. The randomness that can be generated using chaos theory motivates towards its use in the area of cryptography and network security. The test results of the encryption algorithm are promising. The proposed scheme may be extended for color image encryption. Further, research may done on compression during encryption, apply the algorithm for biometric image encryption etc.


Chapter 5 A Secure Image Encryption Scheme using Chaos and Wavelet Transformations Images are widely stored and transferred over public channel for communication, medical purpose or organizational uses. Mostly the images are collected from the remote location, therefore the confidentiality of the data becomes the most important matter of concern. The most convenient way to protect the data is to encrypt it right after capturing the images from the sensors at remote locations. This chapter furnishes an enhanced secure encryption scheme to assure the confidentiality of images at the time of transmission or storage. The discussed scheme has comparatively low computational overhead as it uses two dimensional discrete wavelet transform (2D DWT) for decomposition of the image and chaotic maps for generating pseudo random numbers sequence (PRNS). The scheme may be divided into two basic phases. In the first phase, it permutes the image using pseudo-random numbers generated by Arnold’s cat map followed by a transformation in 2D DWT for diffusion based on enhanced piece wise linear chaotic map (EPWLCM). The encryption scheme was tested statistically that exhibited

101

102

CHAPTER 5. IMAGE ENCRYPTION USING CHAOS & DWT

promising results . So the scheme is lightweight, effective, and secure to any attack. The scheme works with low computational overhead, but without compromising with the security. The scheme may be easily modified for color images or any other kind of data encryption1 . In the next Section (section 5.1), the EPWLCM is discussed and in Section 5.2 the two dimensional discrete wavelet transform is discussed. In Section 6.2, the image encryption algorithm is presented. Finally the summary is given in section 5.5.

5.1

Enhanced Piecewise Linear Chaotic Map

Enhanced Piecewise Linear Chaotic Map (PWLCM) is defined as Eq. 5.1 ⎧ ⎪ xn ⎪ , ⎪ q ⎪ ⎪ ⎨ xn+1 = F (xn , p) =

if xn ∈ [0, q)

xn −q , if xn ∈ [q, 0.5) 0.5−q ⎪ ⎪ ⎪ ⎪ ⎪ ⎩F (1 − x , q), if x ∈ (0.5, 1) n n

(5.1)

where xn belongs to (0, 1) , when control parameter q belongs to (0, 0.5), (1) evolves into a chaotic state and can be used as a secret key. PWLCM demonstrates uniform invariant distribution and properties like randomness, determinacy, and uncertainty. Therefore the map is capable of generating highly random sequence, which is most important for cryptography. Based on PWLCM, an improved piecewise linear chaotic map (MPWLCM) model is presented, which is denoted by Eq. 5.2

xn+1 = F (xn , p) =

xn − xn /q × q q

(5.2)

1 This chapter is accepted as “Bhaskar Mondal, Tarni Mandal, Danish Ali Khan, Tanupriya Choudhury “A Secure Biometric Image Encryption Scheme using Chaos and Wavelet Transformations”, Recent Patents on Engineering. Publisher: Bentham Science,doi: 10.2174/1872212111666 170223165916, vol. 12, no. 1, pp. 5-14, 2018. ”

5.2. DISCRETE WAVELET TRANSFORM (DWT)

103

where q (0 < q < 0.5) is the initial parameter. f loor(x) ≤ x denotes the maximal integer.

5.2

Discrete Wavelet Transform (DWT)

DWT is widely used in encryption and compression of digital images or signals. It decomposes a digital signal into a set of basis functions called wavelets. The DWT is found highly efficient and flexible technique for subband decomposition of digital signals. The 2D DWT is widely used as a key technique in image processing. In DWT, signal energy concentrates to specific wavelet coefficients. Using DWT [Bohme and Keiler, 2007] analysis, a signal can be decomposed into averages and coefficients. The coefficients are low-scale-high-frequency components and the averages or approximations are high-scale-low-frequency components. A forward transform wind up the data twice of a digital signal. The backward process does just the opposite by a lossless reconstruction of the signal, which is known as inverse DWT.

5.2.1

Haar wavelets

The most interesting property of Haar function is that except Haar (0, t), the k th Haar function may be constructed by the constraints of the (i − 1)th function multi√ plying with 2 and mapping over [0, 1] scale. The (i − 1)th function should be half of the signal, which is different from 0. Haar transformation achieved huge attention due to these properties, which makes the transformation close to wavelet transformation. Haar is a simple and oldest among wavelet transformations. Haar function is an odd rectangular pulse pair. The first two Haar functions are called as global functions, while the remaining are called as local functions. It is used in discrete wavelet transform to find information that is more discerning due to dissimilar resolutions at different parts of the time–frequency plane. The wavelet transforms allow subdividing the time-


104

frequency domain into non-uniform slates related with the time–spectral contents of the signal. The wavelet techniques are highly allied with classical foundation of the Haar functions. Scaling and dilation of a basic wavelet can generate the basis Haar functions. Haar wavelet is discontinuous and resembles a step function. Haar wavelet transform repeatedly does the pair up input values, store the differences and pass the sum. It pair ups the sums to generate the next scale which gives the differences and terminating sum. The Haar wavelet’s mother wavelet function ψ(t) is described as Eq. 5.3 and it’s scaling function in Eq. 5.4 ⎧ ⎪ ⎪ 1 ⎪ ⎪ ⎪ ⎨ ψ(t) = −1 ⎪ ⎪ ⎪ ⎪ ⎪ ⎩0

0 ≤ t < 12 , 1 2

≤ t < 1,

(5.3)

otherwise.

Its scaling function φ(t) can be described as

φ(t) =

5.3

⎧ ⎪ ⎪ ⎨1

0 ≤ t < 1,

⎪ ⎪ ⎩0

otherwise.

(5.4)


The proposed encryption scheme may be divided into two phases: a permutation phase followed by a diffusion phase. In the permutation phase, the plaintext image is taken as input and permuted using pseudo random sequence generated by the Arnoled’s chaotic map. In the diffusion phase, the permuted image is decomposed using 2D DWT and the pixel values are changed using PRNS generated by the EPWLCM. The encryption process is carried out in following steps:

1. An image (I) is taken as input.


105

2. The pixels of the image is permuted using Arnold’s cat map: For an original image I of size M × N , the following steps describe the permutation scheme: (a) Use the user provided key to generate a key sequence that is of the length of the maximum dimension of the image. If an image is M × N , then the key sequence will have a length of M . (b) Now the pseudo random sequence generated by Arnold’s map is used to switch the Rows. If the 1st value of the sequence is k, then the 1st row is swapped with k th row of the image. (c) Use another pseudo random sequence generated by the same Arnold’s map with different key to switch the columns. The column switching process is similar to the row switching. (d) Now the rows are circular shifted using the same pseudo random sequence as the scrambling achieved from row and column switching. (e) Similarly, the columns are also circular shifted using the different pseudo random sequence. 3. Then 2D discrete wavelet transform that is Harr wavelet is applied on the permutated image that leads to first level decomposition of the input image. 4. The pixels of the resultant image is diffused using another pseudorandom sequence generated by the enhanced piece wise linear chaotic map. 5. Using the values of x, the new pixel values are calculated by Eq. 5.5

k(i) = mod

x × 102 − x × 102 × 103 , 256

(5.5)

where k(i) is the pixel value at ith position. The pixel values are calculated, row-wise starting from 1st column followed by last column, the 2nd column followed by the 2nd last column and so on.

5.4. EXPERIMENTAL RESULT AND SECURITY ANALYSIS

107

image in Fig 5.6.

5.4.1

Histogram Analysis

Histogram analysis is a test for statistical analysis attack. It shows the distribution of values of an image or digital signal. A highly uniform histogram of encrypted image (cipher text) compared with the histogram of original image shows the strength of the encryption scheme. The histogram of original images and encrypted images of lena image in Fig. 5.2, Barbara image in Fig 5.3, baboon image in Fig 5.4, barbara image in Fig 5.5,and goldhill image in Fig 5.6 are presented.

(a) Plain image

(c) Encrypted image

(b) Histogram of plain image

(d) Histogram of encrypted image

Figure 5.2: The test result of lena image


(a) Plain image


(c) Encrypted image


109

Figure 5.4: The test result of Baboon image

N 1 xi N 1

(5.7)

N 1 (xi − E(x))2 N 1

(5.8)

E(x) =

D(x) =

Cov(x, y) =

N 1 (xi − E(x))(yi − E(y)) N 1

(5.9)

110


(a) Plain image

(c) Encrypted image



Figure 5.5: The test result of Barbara image

5.4.3

Peak Signal to Noise Ratio (PSNR)

PSNR can be used to evaluate the quality an encryption scheme. It is a measurement, which indicates the changes in the pixel values between the plaintext image and the ciphertext image. Where M is width N is the height, P (i, j) is the pixel value of a plain text image at coordinate (i, j), C(i, j) is the pixel value of a ciphered text image at coordinate (i, j) in Eq. 5.10. The test results are presented in Table 5.2.

M × N × 2552 P SN R = 10 × log1 0 M −1 N −1 2 i=0 j=0 (P (i, j) − C(i, j)) )

(5.10)


112

5.4.5


Entropy of the source gives self-information or uncertainty i.e. information available with a random source about itself.

(2N −1)

H(m) =

p(mi ) × log2

i=0

In Eq.

1 p(mi )

(5.12)

5.12, p(mi ) represents probability of occurrence of the symbol. When

symbols are encrypted from a random source that generates 256 gray scale values with equal probability, its entropy should be 8 bits in ideal case. If entropy is less than 8 bits, then there is certain degree of predictability. For a system to resists entropy attacks, the entropy of the system should be close to ideal values. The test results are presented and compared with schemes in [Wang et al., 2012, Wang et al., 2015, Hua et al., 2015, Wang et al., 2010b] in Table 5.3.

5.4.6

Number of Pixel Change Rate (NPCR )

Let C1 and C2 be cipher images for plain text images which vary in exactly one pixel value. The mathematical formulation is as Eq. 5.13. N P CR =

where D(i, j) =

D(i, j) × 100 W ×H i,j

⎧ ⎪ ⎪ ⎨0, if C1 (i, j) = C2 (i, j) ⎪ ⎪ ⎩1, if Otherwise

(5.13)

(5.14)

It is also defined as variance rate of pixels in the encrypted image caused by the change in the original image. The test results are presented and compared with schemes in [Wang et al., 2012, Wang et al., 2015, Hua et al., 2015, Wang et al., 2010b] in Table 5.4.


5.4.7

113

Unified Average Changing Intensity (UACI)

UACI measures the average intensity difference between plain text image and ciphered image. The mathematical formulation is as Eq. 5.15. The test results are presented and compared with schemes in [Wang et al., 2012, Wang et al., 2015, Hua et al., 2015, Wang et al., 2010b] in Table 5.5.

U ACI =

5.4.8

|C1 (i, j) − C2 (i, j)| 1 × 100 W × H i,j 255

(5.15)

Maximum Deviation

The maximum and irregular deviation of pixels between the plain text and cipher image demonstrates the quality of encryption. First the histogram for plain text image and the encrypted image is taken and their differences are calculated. Let di be the absolute difference between the two histograms for intensity I, then maximum deviation, D is calculated by using Eq.

5.16. The test results are presented and

compared with schemes in [Wang et al., 2012, Wang et al., 2015, Hua et al., 2015, Wang et al., 2010b] in table 5.6. (d0 + d255 ) + di 2 i=1 255

D=

5.4.9

(5.16)

Irregular Deviation

A good cryptographic algorithm should change the input pixels values in a uniform and random manner. This helps to prevent the situation in which some pixels will undergo a small change from their initial value. If the cryptographic algorithm treats the pixel values randomly, the probability distribution of the deviation tends to be a uniform distribution. The irregular deviation demonstrates the closeness of


114

statistical distribution of histogram deviation with uniform distribution. If irregular distribution is close to uniform distribution then the cryptographic algorithm is said to be good. First the absolute difference of the plain text image and the encrypted image is taken and its histogram, H is calculated. The average value for H is calculated as in Eq. 5.17. Id =

255

|hi − MH |

(5.17)

i=0

where

1 hi 255 i=0 255

MH =

(5.18)

where hi is the amplitude of the histogram at index i. Thereafter irregular deviation is calculated as Eq. 5.17. The test results are presented and compared with schemes in [Wang et al., 2012, Wang et al., 2015, Hua et al., 2015, Wang et al., 2010b] in Table 5.7.

5.4.10

Operational Speed Analysis

The most important thing to consider for an algorithm is computational time. The proposed scheme was tested on an Intel(R) Core(TM)-i5 CPU M450 system with Windows 7 operating system. The time calculation was done on different sizes of images and the results are presented in Table 5.8.

5.4.11

Robustness against Chosen Cipher Text and KnownPlaintext Attack

The most common attack is known plaintext attack and chosen cipher text attack. In chosen cipher text attack a set of keys and a selected set of cipher texts are available with the attacker. The attacker tries to decrypt the cipher texts by applying the keys randomly. It may be possible only when the attacker does the operations in correct sequence with correct key. In case of known plaintext attack, some portion

5.5. SUMMARY

115

of plain text and corresponding cipher text are available with the attacker. The attacker tries to find out the encryption key by applying some statistical analysis on the plain text and cipher text. The proposed algorithm is robust against these attacks since the scheme needs correct sequence of operations with correct keys to decrypt any cipher text.

5.5

Summary

This chapter presents an effective image encryption scheme to assure security during transmission. This algorithm is based on wavelet transform and chaotic map, so changes have been done in frequency domain as well as time domain of two dimensional biometric image. The algorithm used a chaotic sequence which is highly random in nature than other PRNG. The chaotic maps are also runs on low computational overhead. Most of the operations in the proposed scheme used are simple and lightweight. So the scheme remains lightweight and runs on low computational overhead. Some important security analysis like histogram, correlation analysis, maximum deviation and computation time were analyzed. The results manifest that the proposed algorithm is secure and effective. The proposed algorithm may extended for text and color image encryption. The size of the cipher text remains same as the plaintext, but as storage is always costly and limited, the algorithm may be coupled with some compression technique.

CHAPTER 5. IMAGE ENCRYPTION USING CHAOS & DWT 116

Lena

Image

Direction

Goldhill

Barbara

Cameraman

Baboon

horizontal vertical diagonal horizontal vertical diagonal horizontal vertical diagonal horizontal vertical diagonal horizontal vertical diagonal

Plane image 0.9669 0.9818 0.9521 0.8717 0.7643 0.7275 0.9335 0.9592 0.9087 0.8584 0.9581 0.8412 0.9739 0.9766 0.9545

Proposed [Wang et al., 2012] Scheme -0.0015 -0.0085 0.0034 -0.0112 0.0046 -0.0115 -0.0012 -0.0099 0.0016 -0.0123 0.0028 0.0055 -0.0087 -0.0221 0.0006 -0.0113 -0.0008 0.0064 0.0024 -0.0053 0.0063 -0.0057 0.0087 0.0078 -0.0017 -0.0136 0.0021 -0.0096 0.0033 -0.0122

-0.0076 -0.0088 0.0434 0.0174 -0.0071 0.0133 0.0053 -0.0152 0.0158 -0.0211 -0.0171 -0.0120 0.0033 -0.0167 -0.0215

[Wang et al., 2015]

0.0011 0.0098 -0.0227 0.0071 -0.0065 -0.0165 -0.0047 -0.0195 0.0279 -0.0187 -0.0016 0.0001 -0.0339 0.0186 -0.0001

[Hua et al., 2015]

-0.0063 -0.0109 -0.0154 0.0038 -0.0082 0.0078 -0.0009 -0.0223 0.0025 0.0037 -0.0202 0.0046 0.0109 -0.0173 -0.0002

[Wang et al., 2010b]

Table 5.1: Correlation coefficient test results and comparison

5.5. SUMMARY

117

Image Lena (512 *512) Baboon (512 512) Cameraman (256* 256) Barbara (512 *512) Goldhill (512 *512)

MSE 90.65 121.86 110.77 104.34 104.05

PSNR 28.56 27.27 27.69 27.95 27.96

Table 5.2: Exprimented values of MSE and Peak Signal to Noise Ratio


Image Lena Baboon Cameraman Barbara Goldhill

Proposed Scheme 7.9963 7.9974 7.9985 7.9978 7.9960

[Wang et al., 2012] 7.9982 7.9865 7.9766 7.9984 7.9866

[Wang et al., 2015] 7.9941 7.9936 7.9935 7.9957 7.9936

[Hua et al., 2015] 7.9915 7.9934 7.9954 7.9937 7.9959

[Wang et al., 2010b] 7.9944 7.9956 7.9970 7.9974 7.9937

Table 5.3: Entropy The test results and comparison with schemes in [Wang et al., 2012, Wang et al., 2015, Hua et al., 2015, Wang et al., 2010b]

[Wang et al., 2012] 99.6146 99.6092 99.6292 99.6162 99.6257

[Wang et al., 2015] 99.5511 99.5808 99.5749 99.5227 99.5332

[Hua et al., 2015] 99.6092 99.6236 99.6105 99.6402 99.6182

[Wang et al., 2010b] 99.6231 99.5728 99.6216 99.5178 99.6078

Table 5.4: NPCR (%) test results and compared with schemes in [Wang et al., 2012, Wang et al., 2015, Hua et al., 2015, Wang et al., 2010b]

Image Proposed Scheme Lena 99.6020 Baboon 99.6144 Camera-man 99.6258 Barbara 99.6059 Goldhill 99.6264

5.5. SUMMARY 119


Image lena baboon cameraman barbara gold hill

Proposed Scheme 1.485 1.556 1.586 1.574 1.457

[Wang et al., 2012] 33.5561 33.6284 33.7050 33.5776 33.7022

[Wang et al., 2015] 33.3461 33.3540 33.3691 33.3890 33.3912

[Hua et al., 2015] 33.6322 33.7386 33.6862 33.6714 33.7240

[Wang et al., 2010b] 33.8144 33.4723 33.7326 33.5052 33.7656

Table 5.5: UACI test results and compared with schemes in [Wang et al., 2012, Wang et al., 2015, Hua et al., 2015, Wang et al., 2010b]

Image Lena Baboon Cameraman Barbara Goldhill

Proposed Scheme 21339 22935 18007 18148 17984

[Wang et al., 2015] 19931 22966 16803 19384 17571

[Hua et al., 2015] 20811 22648 16674 17944 17138

Table 5.6: Maximum Deviation test results

[Wang et al., 2012] 21786 24254 17148 18155 17142

[Wang et al., 2010b] 20902 23173 17240 19394 17707

5.5. SUMMARY 121


Image lena baboon barbara cameraman golg hill

Proposed Scheme 40480 35088 39244 42708 43016

[Wang et al., 2012] 40904 35242 38900 42674 42996

[Wang et al., 2015] 40768 34706 39414 43014 42938 Table 5.7: Irregular Deviation

[Hua et al., 2015] 40820 34824 39380 42556 42714

[Wang et al., 2010b] 40634 34350 38604 42840 43114

5.5. SUMMARY

Image Size 128 × 128 256 × 256 512 × 512

123

Operational time (using 64- bit key) 0.1018 0.2999 0.9840

Table 5.8: Computation time of different size of images

124


Chapter 6 A Lightweight Secure Image Encryption Scheme and It’s Application in Watermarking Based on Chaos & DNA Computing This chapter presents a new lightweight cryptographic scheme for secure image communication. In this scheme, the plain image is permuted using a sequence of pseudo random number (PRN) and then encrypted by Deoxyribo Nucleic Acid (DNA) computation. Two PRN sequences are generated by a Pseudo Random Number Generator (PRNG) based on cross coupled chaotic logistic map using two sets of keys. The first PRN sequence is used for permuting the plain image whereas the second PRN sequence is used for generating random DNA sequence. The number of rounds of permutation and encryption may be variable to increase security. The scheme is presented for gray label images, but the scheme may be extended for color images and text data as well. The test results exhibit that the proposed scheme can defy

125

CHAPTER 6. CHAOS & DNA COMPUTING

126

any kind of attack1 . Further, this chapter presents an effective use of the encryption algorithm in audio watermarking. The watermark data is initially encrypted with the lightweight encryption scheme then the encrypted watermark data, embedded onto an audio using Discrete Cosign Transformation (DCT) and Discreet Wavelet Transformation (DWT). The test results are promising and the watermarked audio does not loose its quality2 . In this encryption scheme, a cross coupled chaotic logistic map is used which will generate highly randomized number sequence. The chaotic logistic map runs on low computational overhead, that makes it a lightweight PRNG. In the diffusion part, the scheme uses DNA computation as it is reversible. The DNA computation is like bit wise operations. Hence, the encryption process becomes very fast. This makes the entire algorithm a lightweight and fast process as well as resistive to any kind of known attack. In the next Section (Section 6.1), the PRBG is discussed followed by the encryption scheme in the Section 6.2. The experimental results and analysis are presented in Section 6.3. A short overview of audio watermarking, DCT, DWT is presented in Section 6.4.4. Section 6.5, presents the watermarking scheme in detail. The experimental security analysis of the watermark scheme is discussed in Section 6.6. Finally, the summary of the chapter is given in Section 6.7.

1 This part of the chapter was published as “2. Bhaskar Mondal, Tarni Mandal, “A Lightweight Secure Image Encryption Scheme Based on Chaos & DNA Computing”, Journal of King Saud University - Computer and Information Sciences, ISSN: 1319-1578, 2016” 2 This part of the chapter is accepted for publication “1. Bhaskar Mondal, Tarni Mandal, Danish Ali Khan, Tanupriya Choudhury, “Use of “A Lightweight Secure Image Encryption Scheme Based on Chaos & DNA Computing” for Encrypted Audio Watermarking, International Journal of Advanced Intelligence Paradigms”

6.1. CHAOS BASED PSEUDO RANDOM BITS GENERATION (PRBG)

6.1

127

Chaos based Pseudo Random Bits Generation (PRBG)

Using simple chaotic maps, large numbers of random numbers can be generated. For generating Pseudo Random Bits (PRB), two chaotic logistic maps are used in parallel, which are cross connected to each other as shown in Fig. 6.1. Each of the map generates one random number per iteration say xk+1 and yk+1 . One PRB is generated using the condition in Eq. 6.1 as shown below. ⎧ ⎨ 1 : xk+1 > yk+1 f (xk+1 , yk+1 ) = ⎩ 0 :x k+1 ≤ yk+1

(6.1)

xk+1 = μ1 xk (1 − xk ) f (xk+1 , yk+1 ) =

1 : xk+1 > yk+1 0 : xk+1 ≤ yk+1

Bit Stream

yk+1 = μ2 yk (1 − yk )

Figure 6.1: PRBG based on Cross Coupled Logistic Map The PRNG used in the encryption scheme is based on the proposed PRBG.

6.2


This section describes a robust, imperceptible and safe image encryption scheme. The step by step encryption procedure is as presented in Fig. 6.8:

The Permutation Phase • The PRNG is used to generate a random sequence. The initial conditions are chosen such that μ belongs to the range (3.65, 3.95) and x0 belongs to the range (0, 1). The values are chosen with a precision of 10 digits.


128

μ1 x1

Plain Image

μ 2 , x2

Logistic Chaotic Map

Convert to 1D

Random Number

Permutation

Random Bis Sequence Convert to DNA Sequence

Generation of DNA Sequence

DNA Computation

XORing each pixel to its previous pixel

Encrypted Image

Figure 6.2: Schematic layout diagram of the proposed scheme • The sequence generated by the above step is used to permute the pixels of plain image.

The substitution Phase • The permuted data is converted to DNA sequence (C). • Same PRNG is used again to generate a random bit sequence. For this purpose, this binary sequence is also converted to its DNA sequence (D). • The DNA sequences C and D are added together using Galva Field which results a new DNA sequence E. E is again converted back to sequence of 8-bit

6.3. EXPERIMENTAL RESULTS AND CRYPTANALYSIS

129

integer sequence F .

• XORing of each element of the sequence F is done with the elements previous to that index, which gives the final encrypted image.

6.3

Experimental Results and Cryptanalysis

The proposed algorithm was experimentally verified against various tests to check its robustness, imperceptibility and quality.

(a) Plain image


(c) Histogram of encrypted image

(d) Histogram of extracted test image 1 to test key sensitivity

Figure 6.3: The test result of lena image


130

(a) Plain image




Figure 6.4: The test result of airplane image

6.3.1

Key Space Analysis

The proposed scheme uses Logistic map, which involves two real numbers as their initial condition. As the precision of the parameters are 10−10 , the key space is 1040 , which is roughly equal to 2133 . This large key space eliminates all brute force and exhaustive attacks.

6.3.2

Key Sensitivity

The system is very sensitive to the initial conditions which form the cipher key for the encryption/decryption process. Certain tests were performed to examine the sensitivity of the key. If the value of x0 is increased by −1e10 in the decryption


131

(a) Plain image




Figure 6.5: The test result of baboon image process, the resulting decrypted image and histogram become as shown in Fig. 6.5(d), Fig.

??(d), and Fig.

??(d) which clearly shows the dependence of the

images on the initial conditions. The decrypted image is completely changed and is unrecognizable.

6.3.3

Differential Attacks

Differential attacks is the study of how differences in an input can affect the resultant difference at the output. Attackers take a pair of images which differ in small magnitude and then generate their cipher images from the same algorithm. Then they compare the two encrypted images, hoping to detect statistical patterns in their distribution. The two methods NPCR and UACI are used to test the performance


132 against differential attacks.

Number of Pixel Change Rate (NPCR) : It measures the percentage of different pixels between two cipher images whose plane images have the difference of only one pixel . Larger value is better. NPCR is expressed as Eq. 6.2 ⎧ ⎨ 0 D(i, j) = ⎩ 1

N P CR : N (C1 , C2 ) =


C1 (i, j) − C2 (i, j) F T˙

i,j

U ACI : U (C1 , C2 ) =

D(i, j) i,j

T

× 100%

× 100%

(6.2)

(6.3)

Unified Average Changing Intensity (UACI) : It measures the average intensity of differences between two cipher images. Smaller value is better. UACI is expressed as Eq. 6.3. The average values are tabulated as in Table 6.1

6.3.4

Statistical Attacks

Histogram analysis The histogram of the encrypted images are plotted below. It shows that the histogram of the encrypted image is uniform which makes statistical attacks difficult. The original test images in Fig.

6.5(a), Fig.

??(a) and their corresponding histogram shown in Fig.

??(a), and Fig.

6.5(b), Fig.

??(b), and

Fig. ??(b) and corresponding histogram after encryption are shown in Fig. 6.5(c), Fig. ??(c), and Fig. ??(c).

Information Entropy The information entropy is defined as the degree of uncertainties in the system. The greater the entropy, the more is the randomness in the image, or the image is more uniform. Thus statistical attacks become difficult.


133

Entropy is defined as in Eq. 6.4

H(m) =

N −1 2

p(mi ) × log2

i=0

1 p(mi )

(6.4)

; where p is the histogram counts returned from histogram. For an ideal random image, the entropy is calculated to be 8. So closer to 8, better is the randomness in the image. The entropy of the image was calculated and is plotted in the table 6.1. Image Entropy Lena 7.99925692 Baboon 7.99930193 Airplane 7.99923814

Correlation 0.001178542895092 0.001576673227643 0.00007263856137

NPCR (%) 99.7570 98.0961 99.1405

UACI (%) 0.3912 0.7702 1.5548

Table 6.1: Results of different statistical test

Correlation Coefficient It tells us how much there is relation between the same pixels of the original and the encrypted image. It is calculated from the formula below Eq. 6.5.

(Amn − A)(Bmn − B) r = m n 2 2 mn (Amn − A) mn (Bmn − B)

(6.5)

where A and B are the original and the encrypted image respectively. The lower the value of the correlation coefficient is considered better. The values were found as shown in Table 6.1.

6.3.5

Complexity:

To encrypt an image A of size M × N , the proposed algorithm generates M × N number of random numbers using the chaotic map. Therefore, the time complexity to generate M × N numbers of random number is O(n). Again the algorithm generates a random DN A sequence of M × N bits using the same chaotic map. So, again the complexity to generate M × N × 8 numbers of random bits is O(n). Thereafter it performs a series of DNA addition or subtractions of size (M × N 2),


134

which has a complexity of O(n). Finally, it makes a chain XOR operations which is of O(n). So overall time complexity of the algorithm is O(n).

6.4 6.4.1

Encrypted Audio Watermarking Steganography and Watermarking Embedding

Steganography [C and Rudko, 2002, Mondal and Singh, 2013] is the method of hiding secret massage into an cover media like image, audio, video etc. without loosing significant quality of the cover media. Steganography schemes may be based on some secret key. The most important quality of an steganography scheme requires that the secret massage should not loose its quality even if some noise is added to the embedded cover media [Tefas et al., 2003]. The embedding and extraction process of a typical watermarking scheme is shown in Fig. 6.6. In case of digital watermarking the copyright information is embedded onto the cover media of some intellectual property.

6.4.2

Audio Watermarking

International Federation of the Phonographic Industry (IFPI) defines the required parameter of an audio watermarking technique, which are capacity, perceptibility, asymmetry and speed [Petitcolas, 2000, Katzenbeisser and Petitcolas, 2000]. Audio watermarking can be done in time domain using methods like LSB substitution [Mondal and Singh, 2013, Mondal and Mandal, 2014] or in transformation domain [Mondal and Mandal, 2013] like discrete cosine transform and discrete wavelet transform. Watermarking in transformation domain is always advisable due to its high robustness against filtering [Bhat et al., 2008]. Fig. 6.6 represents the watermark embedding and extraction process.

6.4. ENCRYPTED AUDIO WATERMARKING

135

Watermark Data Original Signal

Embedding Procedure

Watermarked Signal

Watermark Key

Embedding Process Extraction Process Extracted watermark

watermark (Optional)

Extraction Process

Watermark Key

Figure 6.6: The watermark embedding and extraction process Attacks and Noise Framimg

DCT Original Signal

Embaded Watermark and IDCT Original Watermark

DCT

Framing

Extracted Watermark

Watermarked Signal

Embedding Process

Watermark Extraction

Figure 6.7: Watermarking using discrete cosine transform

6.4.3

Discrete Cosine Transform(DCT)

DCT decomposes a 1D or 2D signal like image or audio into frequency components as shown in Fig. 6.7 in spectral domain, which has the properties like Discrete Fourier Transformation [Watson, 1994]. 2D DCT is widely used in image encryption and compression. Eq.

6.6 and Eq.

6.7 represents the reconstruction of an signal of

dimension M × N . Cdct2 (u, v) = α(u)α(v) cos

−1 M −1 N

fdct2 (x, y)×

x=0 y=0

π(2x + 1)u π(2y + 1)v cos 2M 2N

(6.6)


136

fdct2 (x, y) =

−1 M −1 N

α(u)α(v)Cdct2 (u, v)×

x=0 y=0

cos

π(2x + 1)u π(2y + 1)v cos 2M 2N

And,

1 M 2 = M

for u = 0

(u) =

Similarly,

for u = 0

1 N 2 = N

for v = 0

(v) =

6.4.4

(6.7)

for v = 0

Discrete Wavelet Transform(DWT)

Using DWT [AL-Nabhani et al., 2015] analysis, a signal can be decomposed into averages and coefficients. The coefficients are low-scale-high-frequency components and the approximations are high-scale-low-frequency components. A forward transform winds up the data of a digital signal twice. The backward process does just the opposite by a lossless re-construction of the signal, which is known as inverse DWT [Nematollahi et al., 2015]. Eq. 6.8 represent forward DWT and Eq. 6.9 represent inverse DWT. ajk =

∗ f (t)ψjk (t)

(6.8)

t

f (t) =

k

j

where ψ ∗jk (t) = 2 2 (2j t − k)

j

∗ ajk ψjk (t)

(6.9)

6.5. THE WATERMARK ENCRYPTION SCHEME

6.5

137

The Watermark Encryption Scheme

The whole process may be divided into two parts, the encryption of watermark data using “A Lightweight Secure Image Encryption Scheme Based on Chaos & DNA Computing” and then embedding the encrypted watermark data onto the audio signal. The overall process is shown in Fig. 6.8.

6.5.1

Embedding Encrypted Watermark

The step by step algorithm to embed the encrypted watermark in the audio sample is shown below. 1. First step towards embedding the encrypted watermark in the audio is to decompose the audio using DWT. Daubechies 4 (db4) wavelet is used for the decomposition. The 3rd level decomposed approximate wavelet is taken for the embedding process. 2. Then the acquired signal is divided into equal sized frames. The frame size depends on the number of frames required. 3. Frames are selected randomly on which watermark bits have to be embedded. A chaotic logistic map is used to select the frame. 4. For embedding bits of the watermark, the selected frame is taken in sequence and the following steps are applied. (a) The Direct Cosine Transform (DCT) of the frame is taken. (b) If the selected frame is of an odd index, then perform embedding on the first coefficient (DC component) of the transform. Else, use the 4th AC component, i.e., the 5th coefficient of the transform. (c) A quantization key (Q) is selected. (d) To modify the frame following steps are applied.


138

i. Select a variable (say quant), assign it a value 0. ii. If Qf is odd, then quant = 1. iii. The quantized value is calculated and added to the frame.

Q f f = Q + If quant = w(i) Q 2 3Q f if quant = w(i) = Q + Q 2 f Q and f − Q ≥ Q 2 f Q = Q − if quant = w(i) Q 2 Q f and f − Q < Q 2 5. If the index of the frame is even then replace the 1st else replace the 5th coefficient of the transform with the modified frame.

6. The inverse DCT of the transformed frame is taken and assigned back to its correct place.

Copy the frames back into the 3rd approximate waveform obtained from the discrete wavelet transform. Finally the inverse DWT of the matrix is obtained to generate the watermarked audio.

6.6

Experimental Results and Security Analysis

The proposed algorithm was experimentally tested to check its robustness, imperceptibility and quality. The watermark encryption tests were done on a speech and a music sound. The original and watermarked audio signal are shown in Fig. 6.9.

6.6. EXPERIMENTAL RESULTS AND SECURITY ANALYSIS μ1 x 1

Watermark Data

Cover Audio

Logistic Chaotic Map

Convert to 1D

Permutation

μ 2 , x2 μ 3 , x3

Random Number

139

DWT

Random Numbers Random Bis Sequence

Convert to DNA Sequence

Generation of DNA Sequence

DNA Computation

XORing each pixel to its previous pixel

DCT

Frame Selection

Embedding Procedure

Watermarked Audio

Figure 6.8: Schematic layout diagram of the proposed scheme

6.6.1

Analysis of Watermark Embedding

Listening

The watermarked audio was played before five people of different age groups and they all claimed that it was indistinguishable from the original audio. This confirms that the addition of watermark had no effect on the audibility of the sound. The sound waves of the original and watermarked signal are plotted in Fig. 6.9.

Signal to Noise Ratio (SNR)

The SNR represents the ratio of original signal power to the power of noise. The IFPI recommends minimum 20db for watermark embedded audio signal. The test result shows that the SNR is higher than 20db, keeping the quality of audio. The


140

Figure 6.9: Sound waves of original and watermarked signals

test results are documented in table 6.2. It is calculated using the Eq. 6.10. SN R = 10 log10

M M

a=1

Z 2 (a)

a=1 [Z(a)

− Z (a)]2

(6.10)

where M is the number of frames in the sample, Z is the un-watermarked frame, and Z is the watermarked frame.

RMS Error

The deviation between the original signal and the watermarked signal can be estimated by using its Root Mean Square Error of their difference. It is calculated using Eq. 6.11.

RM S =

(A − B)2 n

The test results are documented in Table 6.2.

n

(6.11)

142


proposed scheme may be used in any secret communication of defense, intelligence or government over public channel to protect the ownership, anonymity and nonprudentiality. The results were found to be satisfactory. However, there is scope for further extensions of the embedding and encryption techniques so as to make it resistant to cropping from various sections of the audio and compression of audio signal as well.

Chapter 7 Conclusions and Scope of Future Work

7.1

Conclusions

Cryptographic algorithms are tools to protect the information infrastructure in our rapidly evolving information age. We are increasingly dependent on the data communication, and the use of complex software applications, supported by the growing availability of Internet and open computing platforms. While the trend towards increased access to Internet and public channel, offers new opportunities, at the same time it poses new threats of information security. In many applications, an adversary can obtain access to the implementation of cryptosystems, and reveal certain aspects of an algorithm. This eventually can lead to the extraction of confidential information. In this book, the design of the chaos based encryption and its applications in encrypted watermarking is presented and analyzed in details. Five different encryption algorithms were presented in Chapter 3 to Chapter 7 in the book. The algorithms were designed and tested using a number of statistical and differential methods. The results in all cases were promising and it proved the security strength 143

144

CHAPTER 7. CONCLUSIONS AND SCOPE OF FUTURE WORK

of the designed encryption schemes. All the presented algorithms are based on chaotic maps, LFSR, DNA operations, genetic operations, XOR and other bit wise operations. All these techniques runs on low computational cost and they have been used in such a way that the designed algorithms achieve lowest computational overhead. Therefore, the presented schemes are lightweight and runs with low computational cost.

Performance Evaluation of Chaotic Maps A performance evaluation of five chaotic map was presented in the Introduction chapter. Chaotic logistic map, 2D standard map, Arnold’d Cat map, piecewise linear chaotic map and skew tent map were taken for the performance evaluation. For the purpose of performance evaluation Liapunov Exponent and phase diagram were analyzed. The study gives a clear direction towards the selection and analysis of chaotic maps for cryptographic applications.

Cryptographic Image Scrambling A study of cryptographic image scrambling was done as a part of literature survey. The study covers most of the widely used cryptographic image scrambling techniques including generalized matrix-based scrambling (transformation) [Li, 2008] using Arnold’s transform [Abbas, 2016] and Fibonacci transform [Zhou et al., 2012], gray code with bit plane transformation [Zhou et al., 2015], 2D mapping [WANG and WANG, 2012], key based row and column shifting [Premaratne and Premaratne, 2012, Mondal and Mandal, 2017], and Fu et. al.’s key based row and column shifting with bit-level permutation [Fu et al., 2011b]. The study gives a clear idea of different image scrambling techniques used in confusion (permutation) phase of image encryption algorithms. Correlation between the original image and the scrambled image, correlation between the current pixel and horizontal, vertical and diagonal pixels, entropy, computational complexity were compared for quality evaluation of

7.1. CONCLUSIONS

145

the scrambling techniques.

Pseudo Random Number Generators

A new chaotic map was proposed and used as PRNG in Chapter 5. The piecewise linear chaotic map was modified to enhance its performance. The new map is named as enhanced piecewise linear chaotic map. A new algorithm was designed based on the enhanced piecewise linear chaotic map, which shows good encryption qualities. A Hybrid Pseudo Random Number Generator (HPRNG) was designed based on LFSR and chaotic maps in Chapter 6. The HPRNG was tested with NIST cryptographic random number test suite, DIEHARD. The HPRNG passes all the tests and shows high randomness. A new encryption algorithm was designed using the HPRNG and the encryption scheme exhibits high quality of encryption. Another PRNG was designed using two cross-coupled logistic maps. Two logistic maps were connected in cross-coupled way that made them dependent on each other. The PRNG shows high randomness. It was used for designing a new encryption algorithm in Chapter 7.

7.1.1

Application in Watermark

In Chapter 7, a cryptographic audio watermarking scheme is presented based on the encryption algorithm. In the watermarking scheme, the watermark data is encrypted first and then embedded on to the cover audio. The test result shows that the scheme is secure and the audio does not lose its quality after embedding the watermark data.

146

7.2

CHAPTER 7. CONCLUSIONS AND SCOPE OF FUTURE WORK

Future Work

Design of Hardware As all the presented encryption schemes are based on such techniques that can be deployed on hardware. Therefore, there is a high scope of developing hardware for these encryption schemes. Further, the performance of the hardware may be compared with the results furnished in the book.

Uses in Wireless Sensor Network (WSN) and Internet of Things (IoT) As all the encryption algorithms are lightweight and run on low computational cost, they may be used for resource constrained devices like WSN nodes or IoT devices. The WSN nodes or IoT devices are usually built with low memory and processing power due to their small size and battery powered energy supply. Therefore, these schemes may be suitable for WSN nodes or IoT devices.

Encryption and Compression The presented schemes do not compress the data or increase the size of encrypted data. But as we know that most of the data around us are containing huge redundant information, developing some compression scheme as integral part of these encryption algorithms may prove effective and useful.

Bibliography [Abbas, 2016] Abbas, N. A. (2016). Image encryption based on independent component analysis and arnold’s cat map. Egyptian Informatics Journal, 17(1):139 – 146. [Abd-El-Hafiz et al., 2016] Abd-El-Hafiz, S. K., AbdElHaleem, S. H., and Radwan, A. G. (2016). Novel permutation measures for image encryption algorithms. Optics and Lasers in Engineering, 85:72 – 83. [Adleman et al., 1999] Adleman, L. M., Rothemund, P. W., Roweis, S., and Winfree, E. (1999). On applying molecular computation to the data encryption standard. Journal of Computational Biology, 6(1):53–63. [Ahmad and Ahmed, 2012] Ahmad, J. and Ahmed, F. (2012). Efficiency analysis and security evaluation of image encryption schemes. volume 12, pages 18–31. [Akhavan et al., 2006] Akhavan, A., Mahmodi, H., and Akhshani, A. (2006). A New Image Encryption Algorithm Based on One-Dimensional Polynomial Chaotic Maps, pages 963–971. Springer Berlin Heidelberg, Berlin, Heidelberg. [AL-Nabhani et al., 2015] AL-Nabhani, Y., Jalab, H. A., Wahid, A., and Noor, R. M. (2015). Robust watermarking algorithm for digital images using discrete wavelet and probabilistic neural network. Journal of King Saud University Computer and Information Sciences, 27(4):393 – 401. [Alwahbani and Bashier, 2013] Alwahbani, S. M. H. and Bashier, E. B. M. (2013). Speech scrambling based on chaotic maps and one time pad. In Computing, 147

148

BIBLIOGRAPHY

Electrical and Electronics Engineering (ICCEEE), 2013 International Conference on, pages 128–133. [Ayinala and Parhi, 2011] Ayinala, M. and Parhi, K. (2011). High-speed parallel architectures for linear feedback shift registers. Signal Processing, IEEE Transactions on, 59(9):4459–4469. [Barni et al., 1998] Barni, M., Bartolini, F., Cappellini, V., and Piva, A. (1998). A dct-domain system for robust image watermarking. Signal Process., 66(3):357– 372. [Belazi et al., 2016] Belazi, A., El-Latif, A. A. A., and Belghith, S. (2016). A novel image encryption scheme based on substitution-permutation network and chaos. Signal Processing, 128:155 – 170. [Bhat et al., 2008] Bhat, V., Sengupta, I., and Das, A. (2008). Audio watermarking based on quantization in wavelet domain. In Information Systems Security, pages 235–242. Springer. [Bhatnagar and Wu, 2014a] Bhatnagar, G. and Wu, Q. (2014a). Enhancing the transmission security of biometric images using chaotic encryption. Multimedia Systems, 20(2):203–214. [Bhatnagar and Wu, 2014b] Bhatnagar, G. and Wu, Q. M. (2014b). Enhancing the transmission security of biometric images using chaotic encryption. Multimedia Syst., 20(2):203–214. [Bhatnagar and Wu, 2012] Bhatnagar, G. and Wu, Q. M. J. (2012). Chaos-based security solution for fingerprint data during communication and transmission. IEEE Transactions on Instrumentation and Measurement, 61(4):876–887. [Biham and Shamir, 2012] Biham, E. and Shamir, A. (2012). Differential cryptanalysis of the data encryption standard. Springer Science & Business Media.

BIBLIOGRAPHY

149

[Bilal et al., 2013] Bilal, M., Imtiaz, S., Abdul, W., Ghouzali, S., and Asif, S. (2013). Chaos based zero-steganography algorithm. Multimedia Tools and Applications. [Biryukov and Kushilevitz, 1998] Biryukov, A. and Kushilevitz, E. (1998). From differential cryptanalysis to ciphertext-only attacks, pages 72–88. Springer Berlin Heidelberg, Berlin, Heidelberg. [Biswas et al., 2015] Biswas, K., Muthukkumarasamy, V., and Singh, K. (2015). An encryption scheme using chaotic map and genetic operations for wireless sensor networks. Sensors Journal, IEEE, 15(5):2801–2809. [Boeing, 2016] Boeing, G. (2016). Visual analysis of nonlinear dynamical systems: Chaos, fractals, self-similarity and the limits of prediction. Systems, 4(4). [Bohme and Keiler, 2007] Bohme, R. and Keiler, C. (2007). On the security of x201c;a steganographic scheme for secure communications based on the chaos and the euler theorem x201d;. IEEE Transactions on Multimedia, 9(6):1325–1329. [Boneh, 1999] Boneh, D. (1999). Twenty years of attacks on the rsa cryptosystem. Notices of the AMS, pages 1–16. [Bouslimi et al., 2016] Bouslimi, D., Coatrieux, G., Cozic, M., and Roux, C. (2016). Data hiding in encrypted images based on predefined watermark embedding before encryption process. Signal Processing: Image Communication, 47:263 – 270. [Budiansky, 2000] Budiansky, S. (2000). Battle of Wits: The Complete Story of Codebreaking in World War II. Free Press. [C and Rudko, 2002] C, S. and Rudko (Spring 2002). Hidden bits: A survey of techniques for digital watermarking. [Chan and Cheng, 2004] Chan, C.-K. and Cheng, L. (2004). Hiding data in images by simple {LSB} substitution. Pattern Recognition, 37(3):469 – 474.

150

BIBLIOGRAPHY

[Cheddad et al., 2010] Cheddad, A., Condell, J., Curran, K., and Mc Kevitt, P. (2010). Digital image steganography: Survey and analysis of current methods. Signal Processing, 90(3):727–752. [Chen et al., 2014] Chen, F., wo Wong, K., Liao, X., and Xiang, T. (2014). Period distribution of generalized discrete arnold cat map. Theoretical Computer Science, 552:13 – 25. [Cho and Miyano, 2015] Cho, K. and Miyano, T. (2015). Chaotic cryptography using augmented lorenz equations aided by quantum key distribution. Circuits and Systems I: Regular Papers, IEEE Transactions on, 62(2):478–487. [Cong et al., 2006] Cong, J., Jiang, Y., Qu, Z., and Zhang, Z. (2006). A wavelet packets watermarking algorithm based on chaos encryption. In Computational Science and Its Applications - ICCSA 2006, volume 3980 of Lecture Notes in Computer Science, pages 921–928. Springer Berlin Heidelberg. [Coppersmith, 1994] Coppersmith, D. (1994). The data encryption standard (des) and its strength against attacks. IBM J. Res. Dev., 38(3):243–250. [Daemen and Rijmen, 1991] Daemen, J. and Rijmen, V. (1991). The design of rijndael. Journal of Cryptology, 4(1):3–72. [Daemen and Rijmen, 2002a] Daemen, J. and Rijmen, V. (2002a). The Design of Rijndael. Springer-Verlag New York, Inc., Secaucus, NJ, USA. [Daemen and Rijmen, 2002b] Daemen, J. and Rijmen, V. (2002b). The Design of Rijndael. Springer-Verlag New York, Inc., Secaucus, NJ, USA. [Dascalescu and Boriga, 2013] Dascalescu, A. C. and Boriga, R. E. (2013). A novel fast chaos-based algorithm for generating random permutations with high shift factor suitable for image scrambling. Nonlinear Dynamics, 74(1-2):307–318. [Diffie and Hellman, 1976] Diffie, W. and Hellman, M. (1976). New directions in cryptography. IEEE Transactions on Information Theory, 22(6):644–654.

BIBLIOGRAPHY

151

[Dodis and Smith, 2004] Dodis, Y. and Smith, A. (2004). Entropic security and the encryption of high entropy messages. Cryptology ePrint Archive, Report 2004/219. http://eprint.iacr.org/2004/219. [Elgamal, 1985] Elgamal, T. (1985). A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 31(4):469–472. [Elkamchouchi and Makar, 2005] Elkamchouchi, H. M. and Makar, M. A. (2005). Measuring encryption quality for bitmap images encrypted with rijndael and kamkar block ciphers. In Proceedings of the Twenty-Second National Radio Science Conference, 2005. NRSC 2005., pages 277–284. [Feistel, 1974] Feistel, H. (1974). Block cipher cryptographic system. US Patent 3,798,359. [Fridrich, 1997] Fridrich, J. (1997). Image encryption based on chaotic maps. In Systems, Man, and Cybernetics, 1997. Computational Cybernetics and Simulation., 1997 IEEE International Conference on, volume 2, pages 1105–1110 vol.2. [Fridrich, 1998] Fridrich, J. (1998). Symmetric ciphers based on two-dimensional chaotic maps. International Journal of Bifurcation and Chaos, 08(06):1259–1284. [Fu et al., 2011a] Fu, C., bin Lin, B., sheng Miao, Y., Liu, X., and jie Chen, J. (2011a). A novel chaos-based bit-level permutation scheme for digital image encryption. Optics Communications, 284(23):5415 – 5423. [Fu et al., 2011b] Fu, C., bin Lin, B., sheng Miao, Y., Liu, X., and jie Chen, J. (2011b). A novel chaos-based bit-level permutation scheme for digital image encryption. Optics Communications, 284(23):5415 – 5423. [Fu et al., 2007] Fu, C., Zhang, Z.-c., Chen, Y., and Wang, X.-w. (2007). An improved chaos-based image encryption scheme. Computational Science–ICCS 2007, pages 575–582.

152

BIBLIOGRAPHY

[Han et al., 2007] Han, F., Hu, J., Yu, X., and Wang, Y. (2007). Fingerprint images encryption via multi-scroll chaotic attractors. Appl. Math. Comput., 185(2):931– 939. [Han et al., 2003] Han, Z., Feng, W. X., Hui, L. Z., Da Hai, L., and Chou, L. Y. (2003). A new image encryption algorithm based on chaos system. In Robotics, intelligent systems and signal processing, 2003. Proceedings. 2003 IEEE international conference on, volume 2, pages 778–782. IEEE. [Hermassi et al., 2011] Hermassi, H., Rhouma, R., and Belghith, S. (2011). Improvement of an image encryption algorithm based on hyper-chaos. Telecommunication Systems, 52(539):539–549. [Houas et al., 2016] Houas, A., Mokhtari, Z., Melkemi, K. E., and Boussaad, A. (2016). A novel binary image encryption algorithm based on diffuse representation. Engineering Science and Technology, an International Journal, 19(4):1887 – 1894. [Hua et al., 2015] Hua, Z., Zhou, Y., Pun, C.-M., and Chen, C. P. (2015). 2d sine logistic modulation map for image encryption. Information Sciences, 297:80 – 94. [I. J. Cox and Shamoon, 1997] I. J. Cox, J. Kilian, F. T. L. and Shamoon, T. (1997). Secure spread spectrum watermarking for multimedia. IEEE Trans. Image Processing, 6:1673–1687. [Jakimoski and Kocarev, 2001] Jakimoski, G. and Kocarev, L. (2001). and cryptography: block encryption ciphers based on chaotic maps.

Chaos IEEE

Transactions on Circuits and Systems I: Fundamental Theory and Applications, 48(2):163–169. [Jolfaei et al., 2016] Jolfaei, A., Wu, X. W., and Muthukkumarasamy, V. (2016). On the security of permutation-only image encryption schemes. IEEE Transactions on Information Forensics and Security, 11(2):235–246.

BIBLIOGRAPHY

153

[Kahn, 1996] Kahn, D. (1996). The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet. Scribner. [Karmakar et al., 2016] Karmakar, A., Phadikar, A., Phadikar, B. S., and Maity, G. K. (2016). A blind video watermarking scheme resistant to rotation and collusion attacks. Journal of King Saud University - Computer and Information Sciences, 28(2):199 – 210. [Katariya, 2012] Katariya, S. S. (2012). Digital watermarking: Review. International Journal of Engineering and Innovative Technology, 1(2):143–153. [Katzenbeisser and Petitcolas, 2000] Katzenbeisser, S. and Petitcolas, F. A., editors (2000). Information Hiding Techniques for Steganography and Digital Watermarking. Artech House, Inc., Norwood, MA, USA, 1st edition. [Klaoudatou et al., 2011] Klaoudatou, E., Konstantinou, E., Kambourakis, G., and Gritzalis, S. (2011). A survey on cluster-based group key agreement protocols for wsns. IEEE Communications Surveys Tutorials, 13(3):429–442. [Kruh and Deavours, 2002] Kruh, L. and Deavours, C. (2002). The commercial enigma: Beginnings of machine cryptography. Cryptologia, 26(1):1–16. [Kwok and Lam, 2008] Kwok, S. and Lam, E. (2008). Effective uses of fpgas for brute-force attack on rc4 ciphers. Very Large Scale Integration (VLSI) Systems, IEEE Transactions on, 16(8):1096–1100. [Lamba, 2010] Lamba, C. S. (2010). Design and analysis of stream cipher for network security. In Communication Software and Networks, 2010. ICCSN ’10. Second International Conference on, pages 562–567. [Lei et al., 2016] Lei, M., Yang, Y., Liu, X., Cheng, M., and Wang, R. (2016). Audio zero-watermark scheme based on discrete cosine transform-discrete wavelet transform-singular value decomposition. China Communications, 13(7):117–121.

154

BIBLIOGRAPHY

[Li et al., 2012] Li, C., Zhang, L. Y., Ou, R., Wong, K.-W., and Shu, S. (2012). Breaking a novel colour image encryption algorithm based on chaos. Nonlinear Dynamics, 70(4):2383–2388. [Li, 2008] Li, X. (2008). A generalized matrix-based scrambling transformation and its properties. In Young Computer Scientists, 2008. ICYCS 2008. The 9th International Conference for, pages 1429–1434. [Li et al., 2017] Li, Y., Wang, C., and Chen, H. (2017). A hyper-chaos-based image encryption algorithm using pixel-level permutation and bit-level permutation. Optics and Lasers in Engineering, 90:238 – 246. [Lian et al., 2005] Lian, S., Sun, J., and Wang, Z. (2005). A block cipher based on a suitable use of the chaotic standard map. Chaos, Solitons & Fractals, 26(1):117 – 129. [Liardet and Teglia, 2010] Liardet, P. and Teglia, Y. (2010). Protection of a des algorithm. US Patent 7,764,786. [Lima et al., 2013] Lima, J., Lima, E., and Madeiro, F. (2013). Image encryption based on the finite field cosine transform. Signal Processing: Image Communication, 28(10):1537 – 1547. [Lin et al., 2001] Lin, C.-Y., Wu, M., Bloom, J., Cox, I. J., Miller, M., and Lui, Y. M. (2001). Rotation, scale, and translation resilient watermarking for images. Image Processing, IEEE Transactions on, 10(5):767–782. [Liu et al., 2016a] Liu, D., Luo, X., Li, Y., Shao, Z., and Guan, Y. (2016a). An energy-efficient encryption mechanism for nvm-based main memory in mobile systems. Journal of Systems Architecture, pages –. [Liu et al., 2016b] Liu, H., Kadir, A., and Li, Y. (2016b). Audio encryption scheme by confusion and diffusion based on multi-scroll chaotic system and one-time keys. Optik - International Journal for Light and Electron Optics, 127(19):7431 – 7438.

BIBLIOGRAPHY

155

[Liu and Sun, 2009] Liu, S. and Sun, F. (2009). Spatial chaos-based image encryption design. Science in China Series G: Physics, Mechanics and . . . , 52(2):177– 183.

[Liu et al., 2016c] Liu, W., Sun, K., and Zhu, C. (2016c). A fast image encryption algorithm based on chaotic map. Optics and Lasers in Engineering, 84:26 – 36.

[Lorenz, 1963] Lorenz, E. N. (1963). Deterministic nonperiodic flow. Journal of the Atmospheric Sciences, 20(2):130–141.

[Mirzaei et al., 2012] Mirzaei, O., Yaghoobi, M., and Irani, H. (2012). A new image encryption method: parallel sub-image encryption with hyper chaos. Nonlinear Dynamics, 67(1):557–566.

[Mondal et al., 2016] Mondal, B., Bhowmick, A., Choudhury, T., and Mandal, T. (2016). A key agreement scheme for smart cards using biometrics. In 2016 International Conference on Computing, Communication and Automation (ICCCA), pages 1011–1015.

[Mondal and Mandal, 2013] Mondal, B. and Mandal, T. (2013). A multilevel security scheme using chaos based encryption and steganography for secure audio communication. International Journal of Research in Engineering and technology, 02(10):399–403.

[Mondal and Mandal, 2014] Mondal, B. and Mandal, T. (2014). A secret shearing algorithm based on lsb substitution. International Journal of Computer Applications, 92(4).

[Mondal and Mandal, 2017] Mondal, B. and Mandal, T. (2017). A light weight secure image encryption scheme based on chaos & dna computing. Journal of King Saud University - Computer and Information Sciences, 29(4):499 – 504.

156

BIBLIOGRAPHY

[Mondal et al., 2013] Mondal, B., Priyadarshi, A., and Hariharan, D. (2013). An improved cryptography scheme for secure image communication. International Journal of Computer Applications, 67(18):23–27. [Mondal and Singh, 2013] Mondal, B. and Singh, S. K. (2013). A highly secure steganography scheme for secure communication. In Proceedings.,International Conference of Computation and Communication Advancement (IC3A)-2013, volume 3, pages 88–92. [Mondal et al., 2015] Mondal, B., Sinha, N., and Mandal, T. (2015). A secure image encryption algorithm using lfsr and rc4 key stream generator. In Proceedings of 3rd International Conference on Advanced Computing, Networking and Informatics, pages 227–237. Springer India. [Mosa et al., 2010] Mosa, E., Messiha, N. W., Zahran, O., and Abd El-Samie, F. E. (2010). Encryption of speech signal with multiple secret keys in time and transform domains. International Journal of Speech Technology, 13(4):231–242. [Najih et al., 2016] Najih, A., Al-Haddad, S., Ramli, A. R., Hashim, S., and Nematollahi, M. A. (2016). Digital image watermarking based on angle quantization in discrete contourlet transform. Journal of King Saud University - Computer and Information Sciences, pages –. [Nechvatal et al., 2001] Nechvatal, J., Barker, E., Bassham, L., Burr, W., Dworkin, M., Foti, J., and Roback, E. (2001). Report on the development of the advanced encryption standard (aes). Journal of Research of the National Institute of Standards and Technology, 106(3):511. [Nematollahi et al., 2015] Nematollahi, M. A., Al-Haddad, S., and Zarafshan, F. (2015). Blind digital speech watermarking based on eigen-value quantization in {DWT}. Journal of King Saud University - Computer and Information Sciences, 27(1):58 – 67.

BIBLIOGRAPHY

157

[Nikolaidis and Pitas, 1998] Nikolaidis, N. and Pitas, I. (1998). Robust image watermarking in the spatial domain. Signal Processing, 66(3):385 – 403. [Niyat et al., 2017] Niyat, A. Y., Moattar, M. H., and Torshiz, M. N. (2017). Color image encryption based on hybrid hyper-chaotic system and cellular automata. Optics and Lasers in Engineering, 90:225 – 237. [O’Ruanaidh and Pun, 1997] O’Ruanaidh, J. and Pun, T. (1997). Rotation, scale and translation invariant digital image watermarking. In Image Processing, 1997. Proceedings., International Conference on, volume 1, pages 536–539 vol.1. [Panda et al., 2012] Panda, A. K., Rajput, P., and Shukla, B. (2012). Fpga implementation of 8, 16 and 32 bit lfsr with maximum length feedback polynomial using vhdl. In Communication Systems and Network Technologies (CSNT), 2012 International Conference on, pages 769–773. [Parker and Chua, 1987] Parker, T. S. and Chua, L. (1987). Chaos : A tutorial for engineers. 982 PROCEEDINGS OF THE IEEE, 75(8). [Parvin et al., 2014] Parvin, Z., Seyedarabi, H., and Shamsi, M. (2014). A new secure and sensitive image encryption scheme based on new substitution with chaotic function. Multimedia Tools and Applications, 75(17):10631–10648. [Patidar and Sud, 2009] Patidar, V. and Sud, K. (2009). A novel pseudo random bit generator based on chaotic standard map and its testing. Electronic Journal of Theoretical Physics, 20(20):327–344. [Petitcolas, 2000] Petitcolas, F. A. P. (2000). Watermarking schemes evaluation. Signal Processing Magazine, IEEE, 17(5):58–64. [Premaratne and Premaratne, 2012] Premaratne, P. and Premaratne, M. (2012). Key-based scrambling for secure image communication. In Huang, D.-S., Gupta, P., Zhang, X., and Premaratne, P., editors, Emerging Intelligent Computing Tech-

158

BIBLIOGRAPHY

nology and Applications, volume 304 of Communications in Computer and Information Science, pages 259–263. Springer Berlin Heidelberg. [Radu et al., 2014] Radu, B., Cristina, D. A., Iustin, P., and Cristina, F. (2014). A new fast chaos-based image scrambling algorithm. In Communications (COMM), 2014 10th International Conference on, pages 1–4. [Rahman et al., 2011] Rahman, S. M. M., Hossain, M. A., Mouftah, H., El Saddik, A., and Okamoto, E. (2011). Chaos-cryptography based privacy preservation technique for video surveillance. Multimedia Systems, 18(2):145–155. [Rahmani et al., 2014] Rahmani, A., Amine, A., and Mohamed, R. H. (2014). A multilayer evolutionary homomorphic encryption approach for privacy preserving over big data. In 2014 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, pages 19–26. [Reddy et al., 2016] Reddy, A. G., Yoon, E. J., Das, A. K., and Yoo, K. Y. (2016). Lightweight authentication with key-agreement protocol for mobile network environment using smart cards. IET Information Security, 10(5):272–282. [Rejewski, 1981] Rejewski, M. (1981). How polish mathematicians broke the enigma cipher. Annals of the History of Computing, 3(3):213–234. [Rivest, 1994] Rivest, R. L. (1994). The rc5 encryption algorithm. In Fast Software Encryption: Second International Workshop. Leuven, Belgium, 14-16 December 1994, Proceedings, volume 1008 of Lecture Notes in Computer Science, pages 86– 96. Springer. [Rivest et al., 1978] Rivest, R. L., Shamir, A., and Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM, 21(2):120–126. [Ruanaidh et al., 1996] Ruanaidh, J. O., Dowling, W. J., and Bol, F. M. (1996). Phase watermarking of digital images.

BIBLIOGRAPHY

159

[Schuster and Just, 2006] Schuster, H. and Just, W. (2006). Deterministic Chaos: An Introduction. Wiley. [Shannon, 1949] Shannon, C. E. (1949). Communication theory of secrecy systems. Bell System Technical Journal, Vol 28, pp. 656–715. [Sharma et al., 2016] Sharma, S., Gupta, A., Trivedi, M. C., and Yadav, V. K. (2016). Analysis of different text steganography techniques: A survey. In 2016 Second International Conference on Computational Intelligence Communication Technology (CICT), pages 130–133. [Siegenthaler, 1984] Siegenthaler, T. (1984).

Correlation-immunity of nonlinear

combining functions for cryptographic applications (corresp.). IEEE Transactions on Information Theory, 30(5):776–780. [Solachidis and Pitas, 2001] Solachidis, V. and Pitas, I. (2001). Circularly symmetric watermark embedding in 2-d dft domain. Image Processing, IEEE Transactions on, 10(11):1741–1753. [Sutton et al., 2009] Sutton, M., Orteu, J., and Schreier, H. (2009). Image Correlation for Shape, Motion and Deformation Measurements: Basic Concepts,Theory and Applications. Springer US. [Tawalbeh et al., 2013] Tawalbeh, L., Mowafi, M., and Aljoby, W. (2013). Use of elliptic curve cryptography for multimedia encryption. Information Security, IET, 7(2):67–74. [Tefas et al., 2003] Tefas, A., Nikolaidis, A., Nikolaidis, N., Solachidis, V., Tsekeridou, S., and Pitas, I. (2003). Performance analysis of correlation-based watermarking schemes employing markov chaotic sequences. IEEE Transactions on Signal Processing, 51(7):1979–1994. [Tefas and Pitas, 2001] Tefas, A. and Pitas, I. (2001). Robust spatial image watermarking using progressive detection. In Acoustics, Speech, and Signal Processing,

160

BIBLIOGRAPHY

2001. Proceedings. (ICASSP ’01). 2001 IEEE International Conference on, volume 3, pages 1973–1976 vol.3. [Tsekeridou and Pitas, 2000] Tsekeridou, S. and Pitas, I. (2000). Embedding selfsimilar watermarks in the wavelet domain. In Proceedings of the Acoustics, Speech, and Signal Processing, 2000. On IEEE International Conference - Volume 04, ICASSP ’00, pages 1967–1970, Washington, DC, USA. IEEE Computer Society. [Tuchman, 1998] Tuchman, W. (1998). Internet besieged. chapter A Brief History of the Data Encryption Standard, pages 275–280. ACM Press/Addison-Wesley Publishing Co., New York, NY, USA. [Wang and McCluskey, 1988] Wang, L.-T. and McCluskey, E. (1988). Linear feedback shift register design using cyclic codes. IEEE Transactions on Computers, 37(10):1302–1306. [Wang et al., 2006] Wang, R., Li, Q., and Yan, D. (2006). A high robust audio watermarking algorithm. In Intelligent Control and Automation, 2006. WCICA 2006. The Sixth World Congress on, volume 1, pages 4171–4174. [Wang et al., 2000] Wang, R., Lin, C., and Lin, J. (2000). Hiding data in images by optimal moderately-significant-bit replacement. Electronics Letters, 36(25):2069– 2070. [Wang and Liu, 2013] Wang, X. and Liu, L. (2013). Cryptanalysis of a parallel sub-image encryption method with high-dimensional chaos. Nonlinear Dynamics, pages 795–800. [Wang et al., 2015] Wang, X., Liu, L., and Zhang, Y. (2015). A novel chaotic block image encryption algorithm based on dynamic random growth technique. Optics and Lasers in Engineering, 66:10 – 18. [Wang et al., 2012] Wang, X., Teng, L., and Qin, X. (2012). A novel colour image encryption algorithm based on chaos. Signal Processing, 92(4):1101 – 1108.

BIBLIOGRAPHY

161

[Wang and Wang, 2014] Wang, X. and Wang, Q. (2014). A novel image encryption algorithm based on dynamic s-boxes constructed by chaos. Nonlinear Dynamics, 75(3):567–576. [Wang et al., 2010a] Wang, X., Wang, X., Zhao, J., and Zhang, Z. (2010a). Chaotic encryption algorithm based on alternant of stream cipher and block cipher. Nonlinear Dynamics, 63(4):587–597. [Wang and Xu, 2014] Wang, X. and Xu, D. (2014). A novel image encryption scheme based on brownian motion and pwlcm chaotic system. Nonlinear Dynamics, 75(1):345–353. [WANG and WANG, 2012] WANG, X.-Y. and WANG, T. (2012). A novel algorithm for image encryption based on couple chaotic systems. International Journal of Modern Physics B, 26(30):1250175. [Wang et al., 2010b] Wang, X.-Y., Yang, L., Liu, R., and Kadir, A. (2010b). A chaotic image encryption algorithm based on perceptron model. Nonlinear Dynamics, 62(3):615–621. [Wang et al., 2002] Wang, Y., Doherty, J., and Van Dyck, R. (2002). A waveletbased watermarking algorithm for ownership verification of digital images. Image Processing, IEEE Transactions on, 11(2):77–88. [Wang et al., 2011] Wang, Y., Wong, K.-W., Liao, X., and Chen, G. (2011). A new chaos-based fast image encryption algorithm. Appl. Soft Comput., 11(1):514–522. [Watson, 1994] Watson, A. B. (1994). Image compression using the discrete cosine transform. Mathematica Journal, 4:81–88. [Weerasinghe, 2013] Weerasinghe, T. (2013). An effective rc4 stream cipher. In Industrial and Information Systems (ICIIS), 2013 8th IEEE International Conference on, pages 69–74.

162

BIBLIOGRAPHY

[Wei et al., 2012] Wei, X., Guo, L., Zhang, Q., Zhang, J., and Lian, S. (2012). A novel color image encryption algorithm based on {DNA} sequence operation and hyper-chaotic system. Journal of Systems and Software, 85(2):290 – 299. Special issue with selected papers from the 23rd Brazilian Symposium on Software Engineering. [Wei-bin and Xin, 2009] Wei-bin, C. and Xin, Z. (2009). Image encryption algorithm based on henon chaotic system. Image Analysis and Signal Processing, 2009 . . . , pages 2–5. [Werndl, 2009] Werndl, C. (2009). What are the new implications of chaos for unpredictability ? Brit. J. Phil. Sci., 60:195–220. [Wolf et al., 1985] Wolf, A., Swift, J. B., Swinney, H. L., and Vastano, J. A. (1985). Determining lyapunov exponents from a time series. Physica D: Nonlinear Phenomena, 16(3):285–317. [Wong et al., 2008] Wong, K.-W., Kwok, B. S.-H., and Law, W.-S. (2008). A fast image encryption scheme based on chaotic standard map. Physics Letters A, 372(15):2645–2652. [Wu and Rul’kov, 1993] Wu, C. and Rul’kov, N. (1993). Studying chaos via 1-d maps-a tutorial. Circuits and Systems I: Fundamental Theory and Applications, IEEE Transactions on, 40(10):707–721. [Wu et al., 2011] Wu, Y., Noonan, J. P., and Agaian, S. (2011). Npcr and uaci randomness tests for image encryption. Cyber Journals: Multidisciplinary Journals in Science and Technology, Journal of Selected Areas in Telecommunications (JSAT), 1(2). [Wu et al., 2015] Wu, Z., Cao, H., and Li, D. (2015). An approach of steganography in g.729 bitstream based on matrix coding and interleaving. Chinese Journal of Electronics, 24(1):157–165.

BIBLIOGRAPHY

163

[xin Chen et al., 2015] xin Chen, J., liang Zhu, Z., Fu, C., Yu, H., and bo Zhang, L. (2015). An efficient image encryption scheme using gray code based permutation approach. Optics and Lasers in Engineering, 67:191 – 204. [Yanling, 2009] Yanling, W. (2009). Image scrambling method based on chaotic sequences and mapping. In Education Technology and Computer Science, 2009. ETCS ’09. First International Workshop on, volume 3, pages 453–457. [Yavuz et al., 2016] Yavuz, E., Yazıcı, R., Kasapba¸sı, M. C., and Yama¸c, E. (2016). A chaos-based image encryption algorithm with simple logical functions. Computers Electrical Engineering, 54:471 – 483. [Yuan-Biao and De, 2009] Yuan-Biao, Z. and De, W. (2009). An image encryption and sharing algorithm based on chaos and indeterminate equation. In Computational Intelligence and Software Engineering, 2009. CiSE 2009. International Conference on, pages 1–4. [Zadeh and Heys, 2014] Zadeh, A. and Heys, H. (2014). Simple power analysis applied to nonlinear feedback shift registers. Information Security, IET, 8(3):188– 198. [Zhang et al., 2015] Zhang, L., Wu, Q., Domingo-Ferrer, J., Qin, B., and Dong, Z. (2015). Round-efficient and sender-unrestricted dynamic group key agreement protocol for secure group communications. IEEE Transactions on Information Forensics and Security, 10(11):2352–2364. [Zhang et al., 2009] Zhang, Q., Guo, L., Xue, X., and Wei, X. (2009). An image encryption algorithm based on dna sequence addition operation. In Bio-Inspired Computing, 2009. BIC-TA ’09. Fourth International Conference on, pages 1–5. [Zhang and Zhao, 2013] Zhang, X. and Zhao, Z. (2013). Chaos-based image encryption with total shuffling and bidirectional diffusion. Nonlinear Dynamics, (i).

164

BIBLIOGRAPHY

[Zhang et al., 2013] Zhang, Y., Lu, K., Gao, Y., and Wang, M. (2013). Neqr: A novel enhanced quantum representation of digital images. Quantum Information Processing, 12(8):2833–2860. [Zhou and guo Shi, 2012] Zhou, B. and guo Shi, A. (2012). Chaotic watermarking system for audio based on wavelet packet. International Workshop on Chaosfractals Theories and Applications. [Zhou et al., 2014] Zhou, J., Liu, X., Au, O. C., and Tang, Y. Y. (2014). Designing an efficient image encryption-then-compression system via prediction error clustering and random permutation. IEEE Transactions on Information Forensics and Security, 9(1):39–50. [Zhou et al., 2015] Zhou, R.-G., Sun, Y.-J., and Fan, P. (2015). Quantum image gray-code and bit-plane scrambling.

Quantum Information Processing,

14(5):1717–1734. [Zhou et al., 2016] Zhou, X., Gong, W., Fu, W., and Jin, L. (2016). An improved method for lsb based color image steganography combined with cryptography. In 2016 IEEE/ACIS 15th International Conference on Computer and Information Science (ICIS), pages 1–4. [Zhou et al., 2013] Zhou, Y., Panetta, K., Agaian, S., and Chen, C. L. P. (2013). (n, k, p)-gray code for image systems. IEEE Transactions on Cybernetics, 43(2):515– 529. [Zhou et al., 2012] Zhou, Y., Panetta, K., Agaian, S., and Chen, C. P. (2012). Image encryption using p-fibonacci transform and decomposition. Optics Communications, 285(5):594 – 608. [Zhu and Wang, 2010] Zhu, G. and Wang, W. (2010). Digital image encryption algorithm based on pixels. Intelligent Computing and . . . , pages 769–772.

BIBLIOGRAPHY

165

[Zou et al., 2004] Zou, J., Ward, R. K., and Qi, D. (2004). A new digital image scrambling method based on fibonacci numbers. In Circuits and Systems, 2004. ISCAS ’04. Proceedings of the 2004 International Symposium on, volume 3, pages III–965–8 Vol.3.